diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2019-01-14 15:18:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-14 15:18:47 +0100 |
| commit | 86d30835af2a91e7d51a67c34de5ef77ce079b72 (patch) | |
| tree | 2c3326498be5d8904bb39d5b933a840c63aed55d | |
| parent | 36b8c9aaef34544865a244fb53bc31d221092b70 (diff) | |
| parent | 86e6cebc18b63162b92f94d7b37e33f5f9c68175 (diff) | |
| download | nextcloud-server-86d30835af2a91e7d51a67c34de5ef77ce079b72.tar.gz nextcloud-server-86d30835af2a91e7d51a67c34de5ef77ce079b72.zip | |
Merge pull request #13581 from nextcloud/bugfix/13576/correctly-escape-html
Correctly handle displaynames returned from the sharee API
| -rw-r--r-- | core/js/sharedialogview.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/js/sharedialogview.js b/core/js/sharedialogview.js index a433570b13d..eabcf2f3b24 100644 --- a/core/js/sharedialogview.js +++ b/core/js/sharedialogview.js @@ -477,7 +477,7 @@ autocompleteRenderItem: function(ul, item) { var icon = 'icon-user'; - var text = item.label; + var text = escapeHTML(item.label); var description = ''; var type = ''; var getTranslatedType = function(type) { @@ -497,7 +497,7 @@ } if (typeof item.name !== 'undefined') { - text = item.name; + text = escapeHTML(item.name); } if (item.value.shareType === OC.Share.SHARE_TYPE_GROUP) { icon = 'icon-contacts-dark'; |