diff --git a/core/js/dist/login.js b/core/js/dist/login.js
index 257567b576..48b90ddac7 100644
Binary files a/core/js/dist/login.js and b/core/js/dist/login.js differ
diff --git a/core/js/dist/login.js.map b/core/js/dist/login.js.map
index 8edb3306ef..4f06b284f1 100644
Binary files a/core/js/dist/login.js.map and b/core/js/dist/login.js.map differ
diff --git a/core/js/dist/main.js b/core/js/dist/main.js
index 679cccbe37..8fe286ff54 100644
Binary files a/core/js/dist/main.js and b/core/js/dist/main.js differ
diff --git a/core/js/dist/main.js.map b/core/js/dist/main.js.map
index 62402e3c1d..11fe040a8f 100644
Binary files a/core/js/dist/main.js.map and b/core/js/dist/main.js.map differ
diff --git a/core/js/dist/maintenance.js b/core/js/dist/maintenance.js
index cd7ef22a6b..7ea1478575 100644
Binary files a/core/js/dist/maintenance.js and b/core/js/dist/maintenance.js differ
diff --git a/core/js/dist/maintenance.js.map b/core/js/dist/maintenance.js.map
index 19d155778e..a7b2fabde3 100644
Binary files a/core/js/dist/maintenance.js.map and b/core/js/dist/maintenance.js.map differ
diff --git a/core/js/tests/specs/coreSpec.js b/core/js/tests/specs/coreSpec.js
index f8c0e64a42..70c8a27c14 100644
--- a/core/js/tests/specs/coreSpec.js
+++ b/core/js/tests/specs/coreSpec.js
@@ -132,17 +132,6 @@ describe('Core base tests', function() {
expect(OC.dirname('/subdir/')).toEqual('/subdir');
});
});
- describe('escapeHTML', function() {
- it('Returns nothing if no string was given', function() {
- expect(escapeHTML('')).toEqual('');
- });
- it('Returns a sanitized string if a string containing HTML is given', function() {
- expect(escapeHTML('There needs to be a for it!')).toEqual('There needs to be a <script>alert("Unit" + 'test')</script> for it!');
- });
- it('Returns the string without modification if no potentially dangerous character is passed.', function() {
- expect(escapeHTML('This is a good string without HTML.')).toEqual('This is a good string without HTML.');
- });
- });
describe('joinPaths', function() {
it('returns empty string with no or empty arguments', function() {
expect(OC.joinPaths()).toEqual('');
diff --git a/core/src/OC/l10n.js b/core/src/OC/l10n.js
index fd81d3282d..ebb2c032b6 100644
--- a/core/src/OC/l10n.js
+++ b/core/src/OC/l10n.js
@@ -12,6 +12,7 @@ import _ from 'underscore'
import $ from 'jquery'
import DOMPurify from 'dompurify'
import Handlebars from 'handlebars'
+import escapeHTML from 'escape-html'
import OC from './index'
import {
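Review bot: The added `import escapeHTML from 'escape-html'` is not a drop-in for the removed `core/src/Util/escapeHTML.js`. The old helper called `s.toString()` and so threw on `null`/`undefined`, while `escape-html` coerces its argument to a string first, so a missing value would be rendered as the literal text `undefined` instead of failing. The same swap is made in `core/src/globals.js` and `core/src/jquery/octemplate.js`, and the commit deletes the `escapeHTML` cases from `coreSpec.js`, so nothing pins which characters are escaped any more. I would keep that `describe('escapeHTML', ...)` block running against the imported function, with one expectation per character (`&`, `<`, `>`, `"`, `'`) and one for a non-string argument. How l10n.js uses the import lies outside this hunk.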
diff --git a/core/src/Util/escapeHTML.js b/core/src/Util/escapeHTML.js
deleted file mode 100644
index b6596d44d2..0000000000
--- a/core/src/Util/escapeHTML.js
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * @copyright 2019 Christoph Wurst
- *
- * @author 2019 Christoph Wurst
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-
-/**
- * Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
- * @param {string} s String to sanitize
- * @returns {string} Sanitized string
- */
-export default function escapeHTML(s) {
- return s.toString()
- .split('&')
- .join('&')
- .split('<')
- .join('<').split('>')
- .join('>').split('"')
- .join('"').split('\'')
- .join(''')
-}
diff --git a/core/src/globals.js b/core/src/globals.js
index eb72a9fef3..771748de0d 100644
--- a/core/src/globals.js
+++ b/core/src/globals.js
@@ -54,7 +54,7 @@ import 'strengthify/strengthify.css'
import OC from './OC/index'
import OCP from './OCP/index'
import OCA from './OCA/index'
-import escapeHTML from './Util/escapeHTML'
+import escapeHTML from 'escape-html'
import formatDate from './Util/format-date'
import { getToken as getRequestToken } from './OC/requesttoken'
import getURLParameter from './Util/get-url-parameter'
diff --git a/core/src/jquery/octemplate.js b/core/src/jquery/octemplate.js
index 24df673922..a8502b7b79 100644
--- a/core/src/jquery/octemplate.js
+++ b/core/src/jquery/octemplate.js
@@ -1,5 +1,5 @@
import $ from 'jquery'
-import escapeHTML from '../Util/escapeHTML'
+import escapeHTML from 'escape-html'
/**
* jQuery plugin for micro templates
diff --git a/package-lock.json b/package-lock.json
index b7df6554cc..3deef664fa 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1350,7 +1350,7 @@
},
"util": {
"version": "0.10.3",
- "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz",
+ "resolved": "http://registry.npmjs.org/util/-/util-0.10.3.tgz",
"integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=",
"dev": true,
"requires": {
@@ -1384,7 +1384,7 @@
},
"async": {
"version": "1.5.2",
- "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+ "resolved": "http://registry.npmjs.org/async/-/async-1.5.2.tgz",
"integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
},
"async-each": {
@@ -1732,7 +1732,7 @@
},
"browserify-aes": {
"version": "1.2.0",
- "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
+ "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
"integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==",
"dev": true,
"requires": {
@@ -1769,7 +1769,7 @@
},
"browserify-rsa": {
"version": "4.0.1",
- "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
+ "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
"integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=",
"dev": true,
"requires": {
@@ -1820,7 +1820,7 @@
},
"buffer": {
"version": "4.9.1",
- "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
+ "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
"integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
"dev": true,
"requires": {
@@ -2443,7 +2443,7 @@
},
"create-hash": {
"version": "1.2.0",
- "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
+ "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
"integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==",
"dev": true,
"requires": {
@@ -2456,7 +2456,7 @@
},
"create-hmac": {
"version": "1.1.7",
- "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
+ "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
"integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==",
"dev": true,
"requires": {
@@ -2790,7 +2790,7 @@
},
"diffie-hellman": {
"version": "5.0.3",
- "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
+ "resolved": "http://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
"integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==",
"dev": true,
"requires": {
@@ -3591,7 +3591,7 @@
},
"events": {
"version": "3.0.0",
- "resolved": "https://registry.npmjs.org/events/-/events-3.0.0.tgz",
+ "resolved": "http://registry.npmjs.org/events/-/events-3.0.0.tgz",
"integrity": "sha512-Dc381HFWJzEOhQ+d8pkNon++bk9h6cdAoAj4iE6Q4y6xgTzySWXlKn05/TVNpjnfRqi/X0EpJEJohPjNI3zpVA==",
"dev": true
},
@@ -3704,7 +3704,7 @@
"dependencies": {
"source-map": {
"version": "0.5.0",
- "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.0.tgz",
+ "resolved": "http://registry.npmjs.org/source-map/-/source-map-0.5.0.tgz",
"integrity": "sha1-D+llA6yGpa213mP05BKuSHLNvoY=",
"dev": true
}
@@ -6392,7 +6392,7 @@
},
"mkdirp": {
"version": "0.5.1",
- "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+ "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
"integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
"requires": {
"minimist": "0.0.8"
@@ -7072,7 +7072,7 @@
},
"parse-asn1": {
"version": "5.1.5",
- "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.5.tgz",
+ "resolved": "http://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.5.tgz",
"integrity": "sha512-jkMYn1dcJqF6d5CpU689bq7w/b5ALS9ROVSpQDPrZsqqesUJii9qutvoT5ltGedNXMO2e16YUWIghG9KxaViTQ==",
"dev": true,
"requires": {
@@ -7128,7 +7128,7 @@
},
"path-browserify": {
"version": "0.0.1",
- "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz",
+ "resolved": "http://registry.npmjs.org/path-browserify/-/path-browserify-0.0.1.tgz",
"integrity": "sha512-BapA40NHICOS+USX9SN4tyhq+A2RrN/Ws5F0Z5aMHDp98Fl86lX8Oti8B7uN93L4Ifv4fHOEA+pQw87gmMO/lQ==",
"dev": true
},
@@ -7145,7 +7145,7 @@
},
"path-is-absolute": {
"version": "1.0.1",
- "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+ "resolved": "http://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
"integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
},
"path-is-inside": {
@@ -7753,7 +7753,7 @@
},
"readable-stream": {
"version": "2.3.6",
- "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+ "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
"integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
"dev": true,
"requires": {
@@ -7927,7 +7927,7 @@
"dependencies": {
"jsesc": {
"version": "0.5.0",
- "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
+ "resolved": "http://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
"integrity": "sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=",
"dev": true
}
@@ -8370,7 +8370,7 @@
},
"sha.js": {
"version": "2.4.11",
- "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
+ "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
"integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==",
"dev": true,
"requires": {
@@ -8726,7 +8726,7 @@
},
"stream-browserify": {
"version": "2.0.2",
- "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
+ "resolved": "http://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz",
"integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==",
"dev": true,
"requires": {
@@ -8828,7 +8828,7 @@
},
"string_decoder": {
"version": "1.1.1",
- "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+ "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"requires": {
"safe-buffer": "~5.1.0"
@@ -9293,7 +9293,7 @@
},
"tty-browserify": {
"version": "0.0.0",
- "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
+ "resolved": "http://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.0.tgz",
"integrity": "sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY=",
"dev": true
},
@@ -9688,7 +9688,7 @@
},
"vm-browserify": {
"version": "1.1.0",
- "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.0.tgz",
+ "resolved": "http://registry.npmjs.org/vm-browserify/-/vm-browserify-1.1.0.tgz",
"integrity": "sha512-iq+S7vZJE60yejDYM0ek6zg308+UZsdtPExWP9VZoCFCz1zkJoXFnAX7aZfd/ZwrkidzdUZL0C/ryW+JwAiIGw==",
"dev": true
},
@@ -10342,7 +10342,7 @@
},
"wrap-ansi": {
"version": "2.1.0",
- "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
+ "resolved": "http://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
"integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
"dev": true,
"requires": {
@@ -10378,7 +10378,7 @@
},
"strip-ansi": {
"version": "3.0.1",
- "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+ "resolved": "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
"integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
"dev": true,
"requires": {
diff --git a/package.json b/package.json
index 39a5ae66c0..45946c9b64 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
"css-vars-ponyfill": "^2.1.2",
"davclient.js": "git+https://github.com/owncloud/davclient.js.git#0.1.3",
"dompurify": "^2.0.3",
+ "escape-html": "^1.0.3",
"handlebars": "^4.3.4",
"jcrop": "git+https://github.com/ChristophWurst/Jcrop.git#v0.9.12-npm3",
"jquery": "2.1.4",
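Review bot: Adding `"escape-html": "^1.0.3"` here came with a package-lock.json regeneration whose visible hunks do nothing except rewrite `resolved` from `https://registry.npmjs.org/...` to `http://registry.npmjs.org/...`. Several of those entries (`util`, `async`, `mkdirp`, `jsesc` and others) carry only a `sha1-` integrity value, so a tarball fetched over plain HTTP would rely on a weak hash as its only tamper check. The rewrites look unrelated to the new dependency and are probably an artefact of the npm client or registry configuration used to regenerate the file. Regenerate the lockfile against the HTTPS registry so the `resolved` fields stay on `https://` and the lockfile diff contains only what the escape-html addition needs.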