diff options
| author | Max Fichtelmann <max.fichtelmann@procilon.de> | 2019-07-29 17:48:33 +0200 |
|---|---|---|
| committer | Max Fichtelmann <max.fichtelmann@procilon.de> | 2019-07-29 18:16:37 +0200 |
| commit | 4977f235f60a4ae4257f79b7d96d3cf109850072 (patch) | |
| tree | 66c752ef75d3e841ee7b2e07f317c35368720f92 /apps/theming/js | |
| parent | 1d29636008957ea39f9be06d38bb5998f699e798 (diff) | |
| download | nextcloud-server-4977f235f60a4ae4257f79b7d96d3cf109850072.tar.gz nextcloud-server-4977f235f60a4ae4257f79b7d96d3cf109850072.zip | |
prevent potential XSS via unchecked use innerHTML
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
Diffstat (limited to 'apps/theming/js')
| -rw-r--r-- | apps/theming/js/3rdparty/jscolor/jscolor.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/theming/js/3rdparty/jscolor/jscolor.js b/apps/theming/js/3rdparty/jscolor/jscolor.js index 2bdd4607b41..cad36eab92a 100644 --- a/apps/theming/js/3rdparty/jscolor/jscolor.js +++ b/apps/theming/js/3rdparty/jscolor/jscolor.js @@ -1100,7 +1100,7 @@ var jsc = { if (jsc.isElementType(this.valueElement, 'input')) { this.valueElement.value = value; } else { - this.valueElement.innerHTML = value; + this.valueElement.innerHTML = _.escape(value); } } if (!(flags & jsc.leaveStyle)) { |