Files: Fix XSS when creating dropshadow

author: Robin Appelman <icewind@owncloud.com> 2013-04-22 21:54:25 +0200
committer: Robin Appelman <icewind@owncloud.com> 2013-04-22 21:55:54 +0200
commit: 1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7 (patch)
tree: a79ba9d826ab36089d5a8e98f7d240aefb9fff2b /apps/files/js/files.js
parent: 2314067e75a637eac46ee3d915bf4e77bf0dac98 (diff)
download: nextcloud-server-1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7.tar.gz
nextcloud-server-1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 7e3caf71a03..a2d17fae7d2 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -757,9 +757,9 @@ var createDragShadow = function(event){
 	var dir=$('#dir').val();
 
 	$(selectedFiles).each(function(i,elem){
-		var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">'
-						+'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>'
-					 +'</tr>');
+		var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name);
+		newtr.append($('<td/>').addClass('filename').text(elem.name));
+		newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size)));
 		tbody.append(newtr);
 		if (elem.type === 'dir') {
 			newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')');
author	Robin Appelman <icewind@owncloud.com>	2013-04-22 21:54:25 +0200
committer	Robin Appelman <icewind@owncloud.com>	2013-04-22 21:55:54 +0200
commit	1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7 (patch)
tree	a79ba9d826ab36089d5a8e98f7d240aefb9fff2b /apps/files/js/files.js
parent	2314067e75a637eac46ee3d915bf4e77bf0dac98 (diff)
download	nextcloud-server-1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7.tar.gz nextcloud-server-1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7.zip