Sanitize HTML

author: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 18:15:14 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 18:15:14 +0100
commit: c7094197bfe4b6702397e147847ef9cfd8d21b63 (patch)
tree: 5d2503797a873156b1f700cf041f0247c31867dd /settings
parent: f4c9d4c06797a5c9e2f30d20a8e13686e98dd7f9 (diff)
download: nextcloud-server-c7094197bfe4b6702397e147847ef9cfd8d21b63.tar.gz
nextcloud-server-c7094197bfe4b6702397e147847ef9cfd8d21b63.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/settings/js/users.js b/settings/js/users.js
index da18b4be836..086b0884a3b 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -308,7 +308,7 @@ $(document).ready(function () {
 		event.stopPropagation();
 		var img = $(this);
 		var uid = img.parent().parent().attr('data-uid');
-		var displayName = img.parent().parent().attr('data-displayName');
+		var displayName = escapeHTML(img.parent().parent().attr('data-displayName'));
 		var input = $('<input type="text" value="' + displayName + '">');
 		img.css('display', 'none');
 		img.parent().children('span').replaceWith(input);
@@ -329,7 +329,7 @@ $(document).ready(function () {
 			}
 		});
 		input.blur(function () {
-			$(this).replaceWith($(this).val());
+			$(this).replaceWith(escapeHTML($(this).val()));
 			img.css('display', '');
 		});
 	});
author	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 18:15:14 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 18:15:14 +0100
commit	c7094197bfe4b6702397e147847ef9cfd8d21b63 (patch)
tree	5d2503797a873156b1f700cf041f0247c31867dd /settings
parent	f4c9d4c06797a5c9e2f30d20a8e13686e98dd7f9 (diff)
download	nextcloud-server-c7094197bfe4b6702397e147847ef9cfd8d21b63.tar.gz nextcloud-server-c7094197bfe4b6702397e147847ef9cfd8d21b63.zip