Merge pull request #16610 from nextcloud/backport/16599/stable16
[stable16] Fix/xss/on favorite file
This commit is contained in:
commit
07d32779db
2 changed files with 2 additions and 2 deletions
|
@ -103,7 +103,7 @@
|
|||
var innerTagA = document.createElement('A');
|
||||
innerTagA.setAttribute("href", url);
|
||||
innerTagA.setAttribute("class", "nav-icon-files svg");
|
||||
innerTagA.innerHTML = appName;
|
||||
innerTagA.innerHTML = _.escape(appName);
|
||||
|
||||
var length = listLIElements.length + 1;
|
||||
var innerTagLI = document.createElement('li');
|
||||
|
|
2
apps/theming/js/3rdparty/jscolor/jscolor.js
vendored
2
apps/theming/js/3rdparty/jscolor/jscolor.js
vendored
|
@ -1100,7 +1100,7 @@ var jsc = {
|
|||
if (jsc.isElementType(this.valueElement, 'input')) {
|
||||
this.valueElement.value = value;
|
||||
} else {
|
||||
this.valueElement.innerHTML = value;
|
||||
this.valueElement.innerHTML = _.escape(value);
|
||||
}
|
||||
}
|
||||
if (!(flags & jsc.leaveStyle)) {
|
||||
|
|
Loading…
Reference in a new issue