upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

fix XSS when adding a file with a malicious name to favorites

Browse source 
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
This commit is contained in:
Max Fichtelmann 2019-07-29 17:44:01 +02:00
parent e21f440990
commit 1d29636008
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/files/js/tagsplugin.js
View file

@ -103,7 +103,7 @@
var innerTagA = document.createElement('A');
innerTagA.setAttribute("href", url);
innerTagA.setAttribute("class", "nav-icon-files svg");
innerTagA.innerHTML = appName;
innerTagA.innerHTML = _.escape(appName);
var length = listLIElements.length + 1;
var innerTagLI = document.createElement('li');