author | Lukas Reschke <lukas@owncloud.com> | 2015-09-03 00:44:46 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-09-03 00:44:46 +0200 |
commit | f9e90e92d4f97a3f00bf598800f829ea6d7f068d (patch) | |
tree | 057c18a7e7a61fe8a4bf54c7bea4b9c8599a6db0 /lib/private | |
parent | e2cc778947affa78278dcd50f42844ef1a9dc0d3 (diff) | |
Encode HTML tags in JSON
While not encoding the HTML tags in the JSON response is perfectly fine, since we set the proper mimetype as well as disable content sniffing, a lot of automated code scanners report this as a security bug. Encoding them leads to fewer discussions and a lot of saved time.
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/json.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/json.php b/lib/private/json.php
index e32e937c01a..ac72f02f609 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -167,6 +167,6 @@ class OC_JSON{
 if (is_array($data)) {
 array_walk_recursive($data, array('OC_JSON', 'to_string'));
 }
- return json_encode($data);
+ return json_encode($data, JSON_HEX_TAG);
 }
 } |
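Review bot: The new `return json_encode($data, JSON_HEX_TAG);` escapes only `<` and `>`, so `&`, `'` and `"` still pass through verbatim. If this output could ever be embedded in an HTML page or inline script rather than served as a JSON response, the fuller set would be the safer default: `return json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`. Nothing in the code records that the flag is defence in depth, so a comment above the return would help, for example `// Hardening only: response safety relies on the JSON mimetype and disabled content sniffing`. The return value of `json_encode()` is also passed on unchecked, so an encoding failure reaches the caller as `false`. The enclosing method starts outside the hunk, so its callers and the headers it depends on are not visible here.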