From 3ebb1565a7251966647d81c4d0574a8db8a8d116 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 16 Jun 2014 13:44:41 +0200
Subject: [PATCH] escape before output, fixes #9041

---
 settings/js/users/deleteHandler.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings/js/users/deleteHandler.js b/settings/js/users/deleteHandler.js
index 9cbe7cd514..2d8b4499ee 100644
--- a/settings/js/users/deleteHandler.js
+++ b/settings/js/users/deleteHandler.js
@@ -94,7 +94,7 @@ DeleteHandler.prototype.showNotification = function() {
 		}
 		$('#notification').data(this.notificationDataID, true);
 		var msg = this.notificationMessage.replace(this.notificationPlaceholder,
-											this.oidToDelete);
+											escapeHTML(this.oidToDelete));
 		this.notifier.showHtml(msg);
 	}
 };