diff options
| author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-04-22 13:16:35 -0700 |
|---|---|---|
| committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-04-22 13:16:35 -0700 |
| commit | 8b490e0ec3cbad31833209f8df1d440a3b49a01f (patch) | |
| tree | a79ba9d826ab36089d5a8e98f7d240aefb9fff2b | |
| parent | 2314067e75a637eac46ee3d915bf4e77bf0dac98 (diff) | |
| parent | 1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7 (diff) | |
| download | nextcloud-server-8b490e0ec3cbad31833209f8df1d440a3b49a01f.tar.gz nextcloud-server-8b490e0ec3cbad31833209f8df1d440a3b49a01f.zip | |
Merge pull request #3078 from owncloud/files-dnd
Files: Fix XSS when creating dropshadow
| -rw-r--r-- | apps/files/js/files.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 7e3caf71a03..a2d17fae7d2 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -757,9 +757,9 @@ var createDragShadow = function(event){ var dir=$('#dir').val(); $(selectedFiles).each(function(i,elem){ - var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">' - +'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>' - +'</tr>'); + var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name); + newtr.append($('<td/>').addClass('filename').text(elem.name)); + newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size))); tbody.append(newtr); if (elem.type === 'dir') { newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')'); |