Added escaping html code when building link to documentation.

author: Thomas Pulzer <t.pulzer@kniel.de> 2016-07-05 06:59:11 +0200
committer: Thomas Pulzer <t.pulzer@kniel.de> 2016-07-05 06:59:11 +0200
commit: cf7afabf62d1e3f4c5856d7636e21496d7992257 (patch)
tree: 96b98ed151c28d050e54627992c98adc39e6f04c
parent: 52336b20385a2dadc80a33f2709edcce3547896f (diff)
download: nextcloud-server-cf7afabf62d1e3f4c5856d7636e21496d7992257.tar.gz
nextcloud-server-cf7afabf62d1e3f4c5856d7636e21496d7992257.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/updatenotification/js/notification.js b/apps/updatenotification/js/notification.js
index d5463174e4c..913a59e042c 100644
--- a/apps/updatenotification/js/notification.js
+++ b/apps/updatenotification/js/notification.js
@@ -18,7 +18,7 @@ $(document).ready(function(){
 		version = oc_updateState.updateVersion,
 		docLink = oc_updateState.updateLink,
 		text = t('core', '{version} is available. Get more information on how to update.', {version: version}),
-		element = $('<a href="'+docLink+'" target="_blank">'+text+'</a>');
+		element = $('<a href="'+escapeHTML(docLink)+'" target="_blank">'+escapeHTML(text)+'</a>');
 
 	OC.Notification.showTemporary(
 		element,
author	Thomas Pulzer <t.pulzer@kniel.de>	2016-07-05 06:59:11 +0200
committer	Thomas Pulzer <t.pulzer@kniel.de>	2016-07-05 06:59:11 +0200
commit	cf7afabf62d1e3f4c5856d7636e21496d7992257 (patch)
tree	96b98ed151c28d050e54627992c98adc39e6f04c
parent	52336b20385a2dadc80a33f2709edcce3547896f (diff)
download	nextcloud-server-cf7afabf62d1e3f4c5856d7636e21496d7992257.tar.gz nextcloud-server-cf7afabf62d1e3f4c5856d7636e21496d7992257.zip