open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

prevent xss attacks by manipulating text file names

Browse Source
remotes/origin/stable4
Bjoern Schiessle 13 years ago
parent ca64a4080f
commit d5566d0267
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/files_texteditor/js/editor.js

2
apps/files_texteditor/js/editor.js
Unescape View File

@ -67,7 +67,7 @@ function setSyntaxMode(ext){
function showControls(filename,writeperms){
// Loads the control bar at the top.
// Load the new toolbar.
var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url(&quot;'+OC.imagePath('core','breadcrumb.png')+'&quot;)"><p>'+filename+'</p></div>';
var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url(&quot;'+OC.imagePath('core','breadcrumb.png')+'&quot;)"><p>'+filename.replace(/</, "&lt;").replace(/>/, "&gt;")+'</p></div>';
if(writeperms=="true"){
editorbarhtml += '<button id="editor_save">'+t('files_texteditor','Save')+'</button><div class="separator"></div>';
}

Write Preview
Loading…
Cancel
Save