diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 39130a6a983f2ec3db0127dc559410f8ac0fc71b..845cea8df82a0e0b690b62b3d544551b38569687 100644
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -31,4 +31,4 @@ $output = array();
foreach($events as $event){
$output = array_merge($output, OC_Calendar_App::generateEventOutput($event, $start, $end));
}
-OCP\JSON::encodedPrint($output);
+OCP\JSON::encodedPrint(OCP\Util::sanitizeHTML($output));
diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index 5136c3e77450bac2ea5ed4cf7bbeb4a03ce7cebb..3b1be59381bb47b5a335c1ab66f1bb956549c942 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -869,7 +869,7 @@ $(document).ready(function(){
eventDrop: Calendar.UI.moveEvent,
eventResize: Calendar.UI.resizeEvent,
eventRender: function(event, element) {
- element.find('.fc-event-title').html(element.find('.fc-event-title').text());
+ element.find('.fc-event-title').html(element.find('.fc-event-title').html());
element.tipsy({
className: 'tipsy-event',
opacity: 0.9,
diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index 9e4806227b06561c894ca0b7c8007c3a17e4a2b1..4212bf5a32c1cf1095097628dfd769250d03c106 100644
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -600,8 +600,8 @@ class OC_Calendar_Object{
public static function updateVCalendarFromRequest($request, $vcalendar)
{
- $title = strip_tags($request["title"]);
- $location = strip_tags($request["location"]);
+ $title = $request["title"];
+ $location = $request["location"];
$categories = $request["categories"];
$allday = isset($request["allday"]);
$from = $request["from"];
@@ -611,7 +611,7 @@ class OC_Calendar_Object{
$totime = $request['totime'];
}
$vevent = $vcalendar->VEVENT;
- $description = strip_tags($request["description"]);
+ $description = $request["description"];
$repeat = $request["repeat"];
if($repeat != 'doesnotrepeat'){
$rrule = '';