From 78c0cc6089b584db08871108a979f72c1245dc1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Fri, 9 May 2014 23:12:26 +0200
Subject: [PATCH] escape display name and email

---
 core/js/share.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/js/share.js b/core/js/share.js
index 2813570f718..372f3513799 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -348,7 +348,7 @@ OC.Share={
 				})
 				.data("ui-autocomplete")._renderItem = function( ul, item ) {
 					return $( "<li>" )
-						.append( "<a>" + item.displayname + "<br>" + item.email + "</a>" )
+						.append( "<a>" + escapeHTML(item.displayname) + "<br>" + escapeHTML(item.email) + "</a>" )
 						.appendTo( ul );
 				};
 			}