From 4bc88ef59d0f57b850c88c17469547ec66f76e79 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Mon, 4 Jun 2012 16:22:25 +0200
Subject: [PATCH] prevent xss attacks by manipulating image file names
---
 apps/files_imageviewer/js/lightbox.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/files_imageviewer/js/lightbox.js b/apps/files_imageviewer/js/lightbox.js
index fe8b975309..7a7fb66385 100644
--- a/apps/files_imageviewer/js/lightbox.js
+++ b/apps/files_imageviewer/js/lightbox.js
@@ -25,7 +25,7 @@ function viewImage(dir, file) {
 var location=OC.filePath('files','ajax','download.php')+'?files='+file+'&dir='+dir;
 $.fancybox({
 "href": location,
- "title": file,
+ "title": file.replace(//, ">"),
 "titlePosition": "inside"
 });
 }
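Review bot: The added `"title"` line escapes the file name with `replace` calls that show no `g` flag, so only the first matching character is rewritten and a later angle bracket in the name would still reach the fancybox title as markup; `&` is not handled either. The pattern prints as `//` on this page, which looks like characters lost in rendering, so this is read from the part that survives. I would escape every occurrence, for example `"title": file.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;"),`, ideally through one shared escaping helper rather than inline. The context line above also concatenates `file` and `dir` into the download URL unencoded, where `encodeURIComponent(file)` and `encodeURIComponent(dir)` would stop a `&` or `#` in a name from altering the query. viewImage begins above the hunk, so any sanitising done earlier in the function is not visible here.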