Merge pull request #9040 from owncloud/fix-xss

Sanitize name of sharee
author: Morris Jobke <hey@morrisjobke.de> 2014-06-16 13:13:28 +0200
committer: Morris Jobke <hey@morrisjobke.de> 2014-06-16 13:13:28 +0200
commit: 4fbab3c12db8bc23c7a4891005c00f6f302ae9e3 (patch)
tree: 43450135e74d2ecb6a360c7be56b7ff8d1e8ba72 /core
parent: 3069091e619964408549a57be2a8f84e54feedbc (diff)
parent: 35740cf9412c92b649db97a0cf7549f740dcbd27 (diff)
download: nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.tar.gz
nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/core/js/share.js b/core/js/share.js
index dc808c295b9..e164602d0ab 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -199,10 +199,10 @@ OC.Share={
 			message = t('core', 'Shared');
 			// even if reshared, only show "Shared by"
 			if (owner) {
-				message = t('files_sharing', 'Shared by {owner}', {owner: owner});
+				message = t('files_sharing', 'Shared by {owner}', {owner: escapeHTML(owner)});
 			}
 			else if (recipients) {
-				message = t('core', 'Shared with {recipients}', {recipients: recipients});
+				message = t('core', 'Shared with {recipients}', {recipients: escapeHTML(recipients)});
 			}
 			action.html(' <span>'+ message + '</span>').prepend(img);
 		}
@@ -337,9 +337,9 @@ OC.Share={
 				var defaultExpireMessage = '';
 				if ((itemType === 'folder' || itemType === 'file') && oc_appconfig.core.defaultExpireDateEnabled) {
 					if (oc_appconfig.core.defaultExpireDateEnforced) {
-						defaultExpireMessage = t('core', 'The public link will expire no later than {days} days after it is created',  {'days': oc_appconfig.core.defaultExpireDate}) + '<br/>';
+						defaultExpireMessage = t('core', 'The public link will expire no later than {days} days after it is created',  {'days': escapeHTML(oc_appconfig.core.defaultExpireDate)}) + '<br/>';
 					} else {
-						defaultExpireMessage = t('core', 'By default the public link will expire after {days} days', {'days': oc_appconfig.core.defaultExpireDate}) + '<br/>';
+						defaultExpireMessage = t('core', 'By default the public link will expire after {days} days', {'days': escapeHTML(oc_appconfig.core.defaultExpireDate)}) + '<br/>';
 					}
 				}
 
@@ -537,7 +537,7 @@ OC.Share={
 			if (collectionList.length > 0) {
 				$(collectionList).append(', '+shareWithDisplayName);
 			} else {
-				var html = '<li style="clear: both;" data-collection="'+item+'">'+t('core', 'Shared in {item} with {user}', {'item': item, user: shareWithDisplayName})+'</li>';
+				var html = '<li style="clear: both;" data-collection="'+item+'">'+t('core', 'Shared in {item} with {user}', {'item': escapeHTML(item), user: escapeHTML(shareWithDisplayName)})+'</li>';
 				$('#shareWithList').prepend(html);
 			}
 		} else {
author	Morris Jobke <hey@morrisjobke.de>	2014-06-16 13:13:28 +0200
committer	Morris Jobke <hey@morrisjobke.de>	2014-06-16 13:13:28 +0200
commit	4fbab3c12db8bc23c7a4891005c00f6f302ae9e3 (patch)
tree	43450135e74d2ecb6a360c7be56b7ff8d1e8ba72 /core
parent	3069091e619964408549a57be2a8f84e54feedbc (diff)
parent	35740cf9412c92b649db97a0cf7549f740dcbd27 (diff)
download	nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.tar.gz nextcloud-server-4fbab3c12db8bc23c7a4891005c00f6f302ae9e3.zip