Merge pull request #8187 from owncloud/escape-more-character

Also encode > and '
author: Morris Jobke <hey@morrisjobke.de> 2014-06-02 10:59:47 +0200
committer: Morris Jobke <hey@morrisjobke.de> 2014-06-02 10:59:47 +0200
commit: 27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad (patch)
tree: 163d5238dfa0b19f3b85fc30177d378756d88e2d /core/js/js.js
parent: d39216c5e76b32c496ff39c19bddfbc4fa4247ac (diff)
parent: 603b6c13b4a187766b33b49c7923399e78e18295 (diff)
download: nextcloud-server-27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad.tar.gz
nextcloud-server-27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/js/js.js b/core/js/js.js
index cf35d8aac6a..21a2d4c1b35 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -154,7 +154,7 @@ function n(app, text_singular, text_plural, count, vars) {
 * @return {string} Sanitized string
 */
 function escapeHTML(s) {
-	return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
+	return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
 }
 
 /**
author	Morris Jobke <hey@morrisjobke.de>	2014-06-02 10:59:47 +0200
committer	Morris Jobke <hey@morrisjobke.de>	2014-06-02 10:59:47 +0200
commit	27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad (patch)
tree	163d5238dfa0b19f3b85fc30177d378756d88e2d /core/js/js.js
parent	d39216c5e76b32c496ff39c19bddfbc4fa4247ac (diff)
parent	603b6c13b4a187766b33b49c7923399e78e18295 (diff)
download	nextcloud-server-27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad.tar.gz nextcloud-server-27c8c87e94ed0b4c2d7e77030b85f6f18b1bd0ad.zip