fix XSS when adding a file with a malicious name to favorites

Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
This commit is contained in:
Max Fichtelmann 2019-07-29 17:44:01 +02:00 committed by Backportbot
parent 48b271a216
commit af87bd2f60

View file

@ -103,7 +103,7 @@
var innerTagA = document.createElement('A');
innerTagA.setAttribute("href", url);
innerTagA.setAttribute("class", "nav-icon-files svg");
innerTagA.innerHTML = appName;
innerTagA.innerHTML = _.escape(appName);
var length = listLIElements.length + 1;
var innerTagLI = document.createElement('li');