Merge pull request #8526 from owncloud/escape-share-emails-master

escape display name and email
author: Vincent Petry <pvince81@owncloud.com> 2014-05-13 10:29:54 +0200
committer: Vincent Petry <pvince81@owncloud.com> 2014-05-13 10:29:54 +0200
commit: c06063255f8d93b32452e19819f39cb53d5d4ae3 (patch)
tree: d3ae280dafecc54f4f507f6d18a6a9add2f2def1 /core
parent: e3f6abf1f012ad06fc4a22acd9b2999ed620c6ee (diff)
parent: 1c731aacafdc80bb480d2c291d284005c7ab95c4 (diff)
download: nextcloud-server-c06063255f8d93b32452e19819f39cb53d5d4ae3.tar.gz
nextcloud-server-c06063255f8d93b32452e19819f39cb53d5d4ae3.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/core/js/share.js b/core/js/share.js
index 2813570f718..54da171b726 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -347,8 +347,8 @@ OC.Share={
 					}
 				})
 				.data("ui-autocomplete")._renderItem = function( ul, item ) {
-					return $( "<li>" )
-						.append( "<a>" + item.displayname + "<br>" + item.email + "</a>" )
+					return $('<li>')
+						.append('<a>' + escapeHTML(item.displayname) + "<br>" + escapeHTML(item.email) + '</a>' )
 						.appendTo( ul );
 				};
 			}
author	Vincent Petry <pvince81@owncloud.com>	2014-05-13 10:29:54 +0200
committer	Vincent Petry <pvince81@owncloud.com>	2014-05-13 10:29:54 +0200
commit	c06063255f8d93b32452e19819f39cb53d5d4ae3 (patch)
tree	d3ae280dafecc54f4f507f6d18a6a9add2f2def1 /core
parent	e3f6abf1f012ad06fc4a22acd9b2999ed620c6ee (diff)
parent	1c731aacafdc80bb480d2c291d284005c7ab95c4 (diff)
download	nextcloud-server-c06063255f8d93b32452e19819f39cb53d5d4ae3.tar.gz nextcloud-server-c06063255f8d93b32452e19819f39cb53d5d4ae3.zip