open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #16599 from nextcloud/fix/xss/on-favorite-file

Browse Source 
Fix/xss/on favorite file
pull/16616/head
Roeland Jago Douma 6 years ago committed by GitHub
parent a3bf8ac339 4977f235f6
commit 53330ce1fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/files/js/tagsplugin.js
  2. 2
      apps/theming/js/3rdparty/jscolor/jscolor.js

2
apps/files/js/tagsplugin.js
Unescape View File

@ -103,7 +103,7 @@
var innerTagA = document.createElement('A');
innerTagA.setAttribute("href", url);
innerTagA.setAttribute("class", "nav-icon-files svg");
innerTagA.innerHTML = appName;
innerTagA.innerHTML = _.escape(appName);
var length = listLIElements.length + 1;
var innerTagLI = document.createElement('li');

2
apps/theming/js/3rdparty/jscolor/jscolor.js vendored
Unescape View File

@ -1100,7 +1100,7 @@ var jsc = {
if (jsc.isElementType(this.valueElement, 'input')) {
this.valueElement.value = value;
} else {
this.valueElement.innerHTML = value;
this.valueElement.innerHTML = _.escape(value);
}
}
if (!(flags & jsc.leaveStyle)) {

Write Preview
Loading…
Cancel
Save