From: Robin Appelman <icewind@owncloud.com>
Date: Mon, 22 Apr 2013 19:54:25 +0000 (+0200)
Subject: Files: Fix XSS when creating dropshadow
X-Git-Tag: v5.0.6~25
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b38a1adf2ddeb163b122e76241dddd481b73e9f2;p=nextcloud-server.git

Files: Fix XSS when creating dropshadow
---

diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 6c5536aafab..19b641cb60a 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -859,9 +859,9 @@ var createDragShadow = function(event){
 	var dir=$('#dir').val();
 
 	$(selectedFiles).each(function(i,elem){
-		var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">'
-						+'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>'
-					 +'</tr>');
+		var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name);
+		newtr.append($('<td/>').addClass('filename').text(elem.name));
+		newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size)));
 		tbody.append(newtr);
 		if (elem.type === 'dir') {
 			newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')');