From: Morris Jobke Date: Mon, 2 Jun 2014 08:59:47 +0000 (+0200) Subject: Merge pull request #8187 from owncloud/escape-more-character X-Git-Tag: v7.0.0alpha2~163 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad;p=nextcloud-server.git Merge pull request #8187 from owncloud/escape-more-character Also encode > and '
--- 27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad
diff --cc core/js/js.js
index cf35d8aac6a,b712da4bd02..21a2d4c1b35
--- a/core/js/js.js
+++ b/core/js/js.js
@@@ -149,12 -146,12 +149,12 @@@ function n(app, text_singular, text_plu
}
/**
-* Sanitizes a HTML string
-* @param s string
-* @return Sanitized string
+* Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
+* @param {string} s String to sanitize
+* @return {string} Sanitized string
*/
function escapeHTML(s) {
- return s.toString().split('&').join('&').split('<').join('<').split('"').join('"');
+ return s.toString().split('&').join('&').split('<').join('<').split('>').join('>').split('"').join('"').split('\'').join(''');
}
/**
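Review bot: The rewritten doc comment on escapeHTML promises replacement of "all potential dangerous characters", which is broader than what the function delivers: encoding `&`, `<`, `>`, `"` and `'` makes a value safe as element text or inside a quoted attribute value, but not inside an unquoted attribute, a URL-bearing attribute such as `href`, or a script, style or event-handler context. I would narrow the comment with a line such as `* Only safe for HTML text and quoted attribute values; not for unquoted attributes, URLs or script/style contexts`. Separately, `s.toString()` throws a TypeError when `s` is null or undefined, so the `@param` line should say that a non-null value is required, or the function should handle that case explicitly. The replacement strings show up as bare characters on this page, presumably because the entities were decoded in rendering, so the exact entity chosen for the apostrophe cannot be confirmed from here.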