Sanitize user input

author Lukas Reschke <lukas@statuscode.ch>

Fri, 12 Oct 2012 12:08:06 +0000 (14:08 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Fri, 12 Oct 2012 12:09:58 +0000 (14:09 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Fri, 12 Oct 2012 12:08:06 +0000 (14:08 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Fri, 12 Oct 2012 12:09:58 +0000 (14:09 +0200)
diff --git a/apps/files_versions/js/versions.js b/apps/files_versions/js/versions.js

index 87396cd0ba10ae5b8e089984ea12db247a20464f..07c5655560e0dbf28991b025f49c2574490ca168 100644 (file)
--- a/apps/files_versions/js/versions.js
+++ b/apps/files_versions/js/versions.js
@@ -45,7 +45,7 @@ function createVersionsDropdown(filename, files) {
  
         var historyUrl = OC.linkTo('files_versions', 'history.php') + '?path='+encodeURIComponent( $( '#dir' ).val() ).replace( /%2F/g, '/' )+'/'+encodeURIComponent( filename );
  
-       var html = '<div id="dropdown" class="drop drop-versions" data-file="'+files+'">';
+       var html = '<div id="dropdown" class="drop drop-versions" data-file="'+escapeHTML(files)+'">';
         html += '<div id="private">';
         html += '<select data-placeholder="Saved versions" id="found_versions" class="chzen-select" style="width:16em;">';
         html += '<option value=""></option>';
author	Lukas Reschke <lukas@statuscode.ch>
	Fri, 12 Oct 2012 12:08:06 +0000 (14:08 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Fri, 12 Oct 2012 12:09:58 +0000 (14:09 +0200)