open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Sanitize HTML

Browse Source
remotes/origin/stable5
Lukas Reschke 12 years ago
parent f4c9d4c067
commit c7094197bf
2 changed files with 3 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      core/templates/layout.user.php
  2. 4
      settings/js/users.js

2
core/templates/layout.user.php
Unescape View File

@ -31,7 +31,7 @@
<ul id="settings" class="svg">
<span id="expand">
<?php echo OCP\User::getDisplayName($user=null)?OCP\User::getDisplayName($user=null):(OC_User::getUser()?OC_User::getUser():'') ?>
<?php echo OCP\User::getDisplayName($user=null)?OC_Util::sanitizeHTML(OCP\User::getDisplayName($user=null)):(OC_User::getUser()?OC_User::getUser():'') ?>
<img class="svg" src="<?php echo image_path('', 'actions/caret.svg'); ?>" />
</span>
<div id="expanddiv">

4
settings/js/users.js
Unescape View File

@ -308,7 +308,7 @@ $(document).ready(function () {
event.stopPropagation();
var img = $(this);
var uid = img.parent().parent().attr('data-uid');
var displayName = img.parent().parent().attr('data-displayName');
var displayName = escapeHTML(img.parent().parent().attr('data-displayName'));
var input = $('<input type="text" value="' + displayName + '">');
img.css('display', 'none');
img.parent().children('span').replaceWith(input);
@ -329,7 +329,7 @@ $(document).ready(function () {
}
});
input.blur(function () {
$(this).replaceWith($(this).val());
$(this).replaceWith(escapeHTML($(this).val()));
img.css('display', '');
});
});

Write Preview
Loading…
Cancel
Save