From ca495758bd8bcbea66f00296d36d87f66cd5f4a8 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Wed, 14 Aug 2013 23:06:43 +0200
Subject: [PATCH] Fix octemplate string escaping.

---
 core/js/octemplate.js | 8 ++++----
 lib/base.php          | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/core/js/octemplate.js b/core/js/octemplate.js
index e69c6cc56e..f7ee316f3b 100644
--- a/core/js/octemplate.js
+++ b/core/js/octemplate.js
@@ -60,9 +60,9 @@
 			var self = this;
 
 			if(typeof this.options.escapeFunction === 'function') {
-				for (var key = 0; key < this.vars.length; key++) {
-					if(typeof this.vars[key] === 'string') {
-						this.vars[key] = self.options.escapeFunction(this.vars[key]);
+				for (var key = 0; key < Object.keys(this.vars).length; key++) {
+					if(typeof this.vars[Object.keys(this.vars)[key]] === 'string') {
+						this.vars[Object.keys(this.vars)[key]] = self.options.escapeFunction(this.vars[Object.keys(this.vars)[key]]);
 					}
 				}
 			}
@@ -85,7 +85,7 @@
 			}
 		},
 		options: {
-			escapeFunction: function(str) {return $('<i></i>').text(str).html();}
+			escapeFunction: escapeHTML
 		}
 	};
 
diff --git a/lib/base.php b/lib/base.php
index eaee842465..18c172759b 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -257,8 +257,8 @@ class OC {
 		OC_Util::addScript("compatibility");
 		OC_Util::addScript("jquery.ocdialog");
 		OC_Util::addScript("oc-dialogs");
-		OC_Util::addScript("octemplate");
 		OC_Util::addScript("js");
+		OC_Util::addScript("octemplate");
 		OC_Util::addScript("eventsource");
 		OC_Util::addScript("config");
 		//OC_Util::addScript( "multiselect" );
-- 
GitLab