upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

Contacts: Fix XSS.

Browse source
This commit is contained in:
Thomas Tanghus 2012-05-28 14:38:31 +02:00
parent 1eebbaebdb
commit 817f9ff57d
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/contacts/js/contacts.js
View file

@ -6,7 +6,7 @@ function ucwords (str) {
String.prototype.strip_tags = function(){
tags = this;
stripped = tags.replace(/[\<\>]/gi, "");
stripped = tags.replace(/<(.|\n)*?>/g, '');
return stripped;
};
@ -159,7 +159,7 @@ Contacts={
// Name has changed. Update it and reorder.
$('#fn').change(function(){
var name = $('#fn').val();
var name = $('#fn').val().strip_tags();
var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]');
$(item).find('a').html(name);
var added = false;