Sanitize user input

author: Lukas Reschke <lukas@statuscode.ch> 2012-10-12 14:08:06 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-10-12 14:09:58 +0200
commit: e45f36c2d4161f59f9a87cc9b9c884e4600f42a8 (patch)
tree: d0823a586928aba246d7ca6d032336aecda2ef34 /apps/files_versions/js
parent: d7f43945e793bb9ec09ab7c40cc566e0221cf995 (diff)
download: nextcloud-server-e45f36c2d4161f59f9a87cc9b9c884e4600f42a8.tar.gz
nextcloud-server-e45f36c2d4161f59f9a87cc9b9c884e4600f42a8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files_versions/js/versions.js b/apps/files_versions/js/versions.js
index 87396cd0ba1..07c5655560e 100644
--- a/apps/files_versions/js/versions.js
+++ b/apps/files_versions/js/versions.js
@@ -45,7 +45,7 @@ function createVersionsDropdown(filename, files) {
 
 	var historyUrl = OC.linkTo('files_versions', 'history.php') + '?path='+encodeURIComponent( $( '#dir' ).val() ).replace( /%2F/g, '/' )+'/'+encodeURIComponent( filename );
 
-	var html = '<div id="dropdown" class="drop drop-versions" data-file="'+files+'">';
+	var html = '<div id="dropdown" class="drop drop-versions" data-file="'+escapeHTML(files)+'">';
 	html += '<div id="private">';
 	html += '<select data-placeholder="Saved versions" id="found_versions" class="chzen-select" style="width:16em;">';
 	html += '<option value=""></option>';
author	Lukas Reschke <lukas@statuscode.ch>	2012-10-12 14:08:06 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-10-12 14:09:58 +0200
commit	e45f36c2d4161f59f9a87cc9b9c884e4600f42a8 (patch)
tree	d0823a586928aba246d7ca6d032336aecda2ef34 /apps/files_versions/js
parent	d7f43945e793bb9ec09ab7c40cc566e0221cf995 (diff)
download	nextcloud-server-e45f36c2d4161f59f9a87cc9b9c884e4600f42a8.tar.gz nextcloud-server-e45f36c2d4161f59f9a87cc9b9c884e4600f42a8.zip