prevent xss attacks by manipulating text file names
This commit is contained in:
parent
3b9bf83fe7
commit
1d6ca084a6
|
@ -67,7 +67,7 @@ function setSyntaxMode(ext){
|
||||||
function showControls(filename,writeperms){
|
function showControls(filename,writeperms){
|
||||||
// Loads the control bar at the top.
|
// Loads the control bar at the top.
|
||||||
// Load the new toolbar.
|
// Load the new toolbar.
|
||||||
var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename+'</p></div>';
|
var editorbarhtml = '<div id="editorcontrols" style="display: none;"><div class="crumb svg last" id="breadcrumb_file" style="background-image:url("'+OC.imagePath('core','breadcrumb.png')+'")"><p>'+filename.replace(/</, "<").replace(/>/, ">")+'</p></div>';
|
||||||
if(writeperms=="true"){
|
if(writeperms=="true"){
|
||||||
editorbarhtml += '<button id="editor_save">'+t('files_texteditor','Save')+'</button><div class="separator"></div>';
|
editorbarhtml += '<button id="editor_save">'+t('files_texteditor','Save')+'</button><div class="separator"></div>';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue