Sanitize name of sharee

Fixes a XSS introduced with https://github.com/owncloud/core/commit/271684dcfec16122b88e03780b41af7120f27e45
author: Lukas Reschke <lukas@statuscode.ch> 2014-06-14 20:45:10 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2014-06-14 20:45:10 +0200
commit: 1066f4ec9a47a214e19f16d3fd11947c3c29643c (patch)
tree: f00a55533ce01805822723461eac36317b12a3a6 /apps/files_sharing/js
parent: 01de7b8b9e9227503390aff0d9eea1b6151c8453 (diff)
download: nextcloud-server-1066f4ec9a47a214e19f16d3fd11947c3c29643c.tar.gz
nextcloud-server-1066f4ec9a47a214e19f16d3fd11947c3c29643c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 47fe0bd2c57..0999bfd6bed 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -57,7 +57,7 @@
 									' data-action="Share-Notification" href="#" original-title="">' +
 									' <img class="svg" src="' + OC.imagePath('core', 'actions/share') + '"></img>';
 							$tr.find('.fileactions').append(function() {
-								var shareBy = t('files_sharing', 'Shared by {owner}', {owner: fileData.shareOwner});
+								var shareBy = t('files_sharing', 'Shared by {owner}', {owner: escapeHTML(fileData.shareOwner)});
 								var $result = $(shareNotification + '<span> ' + shareBy + '</span></span>');
 								$result.on('click', function() {
 									return false;
author	Lukas Reschke <lukas@statuscode.ch>	2014-06-14 20:45:10 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2014-06-14 20:45:10 +0200
commit	1066f4ec9a47a214e19f16d3fd11947c3c29643c (patch)
tree	f00a55533ce01805822723461eac36317b12a3a6 /apps/files_sharing/js
parent	01de7b8b9e9227503390aff0d9eea1b6151c8453 (diff)
download	nextcloud-server-1066f4ec9a47a214e19f16d3fd11947c3c29643c.tar.gz nextcloud-server-1066f4ec9a47a214e19f16d3fd11947c3c29643c.zip