diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 15:02:26 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 15:02:26 +0100 |
| commit | 1042733634622b234beb52e24505d56a9883b4eb (patch) | |
| tree | 4300040f44d951823645d35d98e1b263de49fd07 /core/js/share.js | |
| parent | b24c21b00f0116e8749f37646cc25f798992bf05 (diff) | |
| download | nextcloud-server-1042733634622b234beb52e24505d56a9883b4eb.tar.gz nextcloud-server-1042733634622b234beb52e24505d56a9883b4eb.zip | |
Fixed various file name escaping issues in core apps
- Refactored file tr lookup into FileList.findFileEl that uses
filterAttr to avoid escaping issues in jQuery selectors
- Fixed versions and sharing app to properly escape file names in
attributes
Diffstat (limited to 'core/js/share.js')
| -rw-r--r-- | core/js/share.js | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/core/js/share.js b/core/js/share.js index 10ab5f47f27..3637d2e7e72 100644 --- a/core/js/share.js +++ b/core/js/share.js @@ -181,7 +181,8 @@ OC.Share={ }, showDropDown:function(itemType, itemSource, appendTo, link, possiblePermissions, filename) { var data = OC.Share.loadItem(itemType, itemSource); - var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'"" data-item-source-name="'+filename+'">'; + var dropDownEl; + var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">'; if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined) { if (data.reshare.share_type == OC.Share.SHARE_TYPE_GROUP) { html += '<span class="reshare">'+t('core', 'Shared with you and the group {group} by {owner}', {group: escapeHTML(data.reshare.share_with), owner: escapeHTML(data.reshare.displayname_owner)})+'</span>'; @@ -239,7 +240,8 @@ OC.Share={ html += '<input type="checkbox" name="expirationCheckbox" id="expirationCheckbox" value="1" /><label for="expirationCheckbox">'+t('core', 'Set expiration date')+'</label>'; html += '<input id="expirationDate" type="text" placeholder="'+t('core', 'Expiration date')+'" style="display:none; width:90%;" />'; html += '</div>'; - $(html).appendTo(appendTo); + dropDownEl = $(html); + dropDownEl = dropDownEl.appendTo(appendTo); // Reset item shares OC.Share.itemShares = []; if (data.shares) { @@ -332,8 +334,10 @@ OC.Share={ } else { html += '<input id="shareWith" type="text" placeholder="'+t('core', 'Resharing is not allowed')+'" style="width:90%;" disabled="disabled"/>'; html += '</div>'; - $(html).appendTo(appendTo); + dropDownEl = $(html); + dropDownEl.appendTo(appendTo); } + dropDownEl.attr('data-item-source-name', filename); $('#dropdown').show('blind', function() { OC.Share.droppedDown = true; }); |