properly escape variable

author: Jan-Christoph Borchardt <hey@jancborchardt.net> 2014-12-18 17:19:23 +0100
committer: Jan-Christoph Borchardt <hey@jancborchardt.net> 2014-12-18 17:19:23 +0100
commit: cd81687a38c4f46c6665e640a352ba7adcd1f243 (patch)
tree: 334be1c57f392269aaa4cda1673248c014449be9
parent: 96ae18db59084d0494d13ab63f7bc5e02080e8e3 (diff)
download: nextcloud-server-cd81687a38c4f46c6665e640a352ba7adcd1f243.tar.gz
nextcloud-server-cd81687a38c4f46c6665e640a352ba7adcd1f243.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files/js/file-upload.js b/apps/files/js/file-upload.js
index a67a3598820..c8b3a150caa 100644
--- a/apps/files/js/file-upload.js
+++ b/apps/files/js/file-upload.js
@@ -579,7 +579,7 @@ OC.Upload = {
 				input.val(newName);
 				input.attr('id', fileType);
 			}
-			var label = $('<label class="hidden-visually" for="">' + newName + '</label>');
+			var label = $('<label class="hidden-visually" for="">' + escapeHTML(newName) + '</label>');
 			label.attr('for', fileType);
 
 			form.append(label).append(input);
author	Jan-Christoph Borchardt <hey@jancborchardt.net>	2014-12-18 17:19:23 +0100
committer	Jan-Christoph Borchardt <hey@jancborchardt.net>	2014-12-18 17:19:23 +0100
commit	cd81687a38c4f46c6665e640a352ba7adcd1f243 (patch)
tree	334be1c57f392269aaa4cda1673248c014449be9
parent	96ae18db59084d0494d13ab63f7bc5e02080e8e3 (diff)
download	nextcloud-server-cd81687a38c4f46c6665e640a352ba7adcd1f243.tar.gz nextcloud-server-cd81687a38c4f46c6665e640a352ba7adcd1f243.zip