From 9cb01bd0931dc081c27906897af0235f9746a9ef Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle <schiessle@owncloud.com> Date: Tue, 26 Jun 2012 14:27:50 +0200 Subject: [PATCH] xss fix --- apps/files_texteditor/js/editor.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/files_texteditor/js/editor.js b/apps/files_texteditor/js/editor.js index 9d168c1c4f..70bb74a910 100644 --- a/apps/files_texteditor/js/editor.js +++ b/apps/files_texteditor/js/editor.js @@ -67,7 +67,7 @@ function setSyntaxMode(ext){ function showControls(filename,writeperms){ // Loads the control bar at the top. // Load the new toolbar. - var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename+'</p></div>'; + var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename.replace(/</, "<").replace(/>/, ">")+'</p></div>'; if(writeperms=="true"){ editorbarhtml += '<button id="editor_save">'+t('files_texteditor','Save')+'</button><div class="separator"></div>'; } -- GitLab