From 1507d1ef26ec92afbb3d603f9e0e2254dbd7d6c7 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Mon, 22 Apr 2013 21:54:25 +0200
Subject: [PATCH] Files: Fix XSS when creating dropshadow

---
 apps/files/js/files.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 7e3caf71a0..a2d17fae7d 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -757,9 +757,9 @@ var createDragShadow = function(event){
 	var dir=$('#dir').val();
 
 	$(selectedFiles).each(function(i,elem){
-		var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">'
-						+'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>'
-					 +'</tr>');
+		var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name);
+		newtr.append($('<td/>').addClass('filename').text(elem.name));
+		newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size)));
 		tbody.append(newtr);
 		if (elem.type === 'dir') {
 			newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')');
-- 
GitLab