Merge pull request #9040 from owncloud/fix-xss

Sanitize name of sharee
author: Morris Jobke <hey@morrisjobke.de> 2014-06-16 13:13:28 +0200
committer: Morris Jobke <hey@morrisjobke.de> 2014-06-16 13:13:28 +0200
commit: 4fbab3c12db8bc23c7a4891005c00f6f302ae9e3 (patch)
tree: 43450135e74d2ecb6a360c7be56b7ff8d1e8ba72 /apps
parent: 3069091e619964408549a57be2a8f84e54feedbc (diff)
parent: 35740cf9412c92b649db97a0cf7549f740dcbd27 (diff)
download: nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.tar.gz
nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 47fe0bd2c57..0999bfd6bed 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -57,7 +57,7 @@
 									' data-action="Share-Notification" href="#" original-title="">' +
 									' <img class="svg" src="' + OC.imagePath('core', 'actions/share') + '"></img>';
 							$tr.find('.fileactions').append(function() {
-								var shareBy = t('files_sharing', 'Shared by {owner}', {owner: fileData.shareOwner});
+								var shareBy = t('files_sharing', 'Shared by {owner}', {owner: escapeHTML(fileData.shareOwner)});
 								var $result = $(shareNotification + '<span> ' + shareBy + '</span></span>');
 								$result.on('click', function() {
 									return false;
author	Morris Jobke <hey@morrisjobke.de>	2014-06-16 13:13:28 +0200
committer	Morris Jobke <hey@morrisjobke.de>	2014-06-16 13:13:28 +0200
commit	4fbab3c12db8bc23c7a4891005c00f6f302ae9e3 (patch)
tree	43450135e74d2ecb6a360c7be56b7ff8d1e8ba72 /apps
parent	3069091e619964408549a57be2a8f84e54feedbc (diff)
parent	35740cf9412c92b649db97a0cf7549f740dcbd27 (diff)
download	nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.tar.gz nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.zip