From 0217315a24d5d06f6fc3f0304460eeb9a0bbf143 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 29 Jun 2013 13:24:05 +0200
Subject: [PATCH] Escape dropdown

Fixes #3241
---
 core/js/share.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/js/share.js b/core/js/share.js
index cb37dd7036..588202d227 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -149,9 +149,9 @@ OC.Share={
 		var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
 		if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined) {
 			if (data.reshare.share_type == OC.Share.SHARE_TYPE_GROUP) {
-				html += '<span class="reshare">'+t('core', 'Shared with you and the group {group} by {owner}', {group: data.reshare.share_with, owner: data.reshare.displayname_owner})+'</span>';
+				html += '<span class="reshare">'+t('core', 'Shared with you and the group {group} by {owner}', {group: escapeHTML(data.reshare.share_with), owner: escapeHTML(data.reshare.displayname_owner)})+'</span>';
 			} else {
-				html += '<span class="reshare">'+t('core', 'Shared with you by {owner}', {owner: data.reshare.displayname_owner})+'</span>';
+				html += '<span class="reshare">'+t('core', 'Shared with you by {owner}', {owner: escapeHTML(data.reshare.displayname_owner)})+'</span>';
 			}
 			html += '<br />';
 		}
-- 
GitLab