Sanitize user input

author: Lukas Reschke <lukas@statuscode.ch> 2013-02-18 08:04:35 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-02-18 08:04:35 +0100
commit: a984a27fa09adf24e6b846ec3e412b8d7d95e532 (patch)
tree: c2cd8a5f9edae4674122f2efad1e42b86b4b3e4c /settings
parent: 3b9796bfcce38e6e4138ffc68f5a2ff6e34492a0 (diff)
download: nextcloud-server-a984a27fa09adf24e6b846ec3e412b8d7d95e532.tar.gz
nextcloud-server-a984a27fa09adf24e6b846ec3e412b8d7d95e532.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index 086b0884a3b..63a62049839 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -182,7 +182,7 @@ var UserList = {
 			var addGroup = function (select, group) {
 				$('select[multiple]').each(function (index, element) {
 					if ($(element).find('option[value="' + group + '"]').length === 0 && select.data('msid') !== $(element).data('msid')) {
-						$(element).append('<option value="' + group + '">' + group + '</option>');
+						$(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
 					}
 				})
 			};
author	Lukas Reschke <lukas@statuscode.ch>	2013-02-18 08:04:35 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-02-18 08:04:35 +0100
commit	a984a27fa09adf24e6b846ec3e412b8d7d95e532 (patch)
tree	c2cd8a5f9edae4674122f2efad1e42b86b4b3e4c /settings
parent	3b9796bfcce38e6e4138ffc68f5a2ff6e34492a0 (diff)
download	nextcloud-server-a984a27fa09adf24e6b846ec3e412b8d7d95e532.tar.gz nextcloud-server-a984a27fa09adf24e6b846ec3e412b8d7d95e532.zip