authorLukas Reschke <lukas@statuscode.ch>2013-02-14 10:50:46 -0800
committerLukas Reschke <lukas@statuscode.ch>2013-02-14 10:50:46 -0800
commit5624f1b838575fc26d45d97e7aa6ea2f58bf29e3 (patch)
tree6f232b0bd32c93a9423f8b1d79073be4848f2558 /settings/js
parent7f1b8274a895972b9e850e90b56797c42adae30e (diff)
parentc7094197bfe4b6702397e147847ef9cfd8d21b63 (diff)
downloadnextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.tar.gz
nextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.zip
Merge pull request #1701 from owncloud/XSS-fixes
Sanitize HTML
Diffstat (limited to 'settings/js')
-rw-r--r--settings/js/users.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index da18b4be836..086b0884a3b 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -308,7 +308,7 @@ $(document).ready(function () {
event.stopPropagation();
var img = $(this);
var uid = img.parent().parent().attr('data-uid');
- var displayName = img.parent().parent().attr('data-displayName');
+ var displayName = escapeHTML(img.parent().parent().attr('data-displayName'));
var input = $('<input type="text" value="' + displayName + '">');
img.css('display', 'none');
img.parent().children('span').replaceWith(input);
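Review bot: The escaped name is still spliced into a double-quoted attribute in `$('<input type="text" value="' + displayName + '">')`, so the fix only holds if escapeHTML also encodes `"`. Its definition is not visible on this page and should be confirmed. Building the element without string concatenation removes that dependency: `var input = $('<input type="text">').val(img.parent().parent().attr('data-displayName'));`. With that form the field shows the stored name as-is and no markup-context escaping is needed. The enclosing click handler starts and ends outside the hunk.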
@@ -329,7 +329,7 @@ $(document).ready(function () {
}
});
input.blur(function () {
- $(this).replaceWith($(this).val());
+ $(this).replaceWith(escapeHTML($(this).val()));
img.css('display', '');
});
});
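Review bot: `replaceWith()` parses a string argument as markup, so the blur handler's safety rests entirely on escapeHTML covering every character that matters in element content. Handing it a text node keeps the typed value out of the HTML parser altogether: `$(this).replaceWith(document.createTextNode($(this).val()));`. The handler that closes just above this hunk is not visible here; if it also writes the edited name back into the row, it likely needs the same treatment.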