wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sanitize HTML

Browse source
This commit is contained in:
Lukas Reschke 2013-02-14 18:15:14 +01:00
parent f4c9d4c067
commit c7094197bf
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/templates/layout.user.php
View file

@ -31,7 +31,7 @@
<ul id="settings" class="svg">
<span id="expand">
<?php echo OCP\User::getDisplayName($user=null)?OCP\User::getDisplayName($user=null):(OC_User::getUser()?OC_User::getUser():'') ?>
<?php echo OCP\User::getDisplayName($user=null)?OC_Util::sanitizeHTML(OCP\User::getDisplayName($user=null)):(OC_User::getUser()?OC_User::getUser():'') ?>
<img class="svg" src="<?php echo image_path('', 'actions/caret.svg'); ?>" />
</span>
<div id="expanddiv">

4
settings/js/users.js
View file

@ -308,7 +308,7 @@ $(document).ready(function () {
event.stopPropagation();
var img = $(this);
var uid = img.parent().parent().attr('data-uid');
var displayName = img.parent().parent().attr('data-displayName');
var displayName = escapeHTML(img.parent().parent().attr('data-displayName'));
var input = $('<input type="text" value="' + displayName + '">');
img.css('display', 'none');
img.parent().children('span').replaceWith(input);
@ -329,7 +329,7 @@ $(document).ready(function () {
}
});
input.blur(function () {
$(this).replaceWith($(this).val());
$(this).replaceWith(escapeHTML($(this).val()));
img.css('display', '');
});
});