diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 47fe0bd2c5..0999bfd6be 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -57,7 +57,7 @@
' data-action="Share-Notification" href="#" original-title="">' +
' ';
$tr.find('.fileactions').append(function() {
- var shareBy = t('files_sharing', 'Shared by {owner}', {owner: fileData.shareOwner});
+ var shareBy = t('files_sharing', 'Shared by {owner}', {owner: escapeHTML(fileData.shareOwner)});
var $result = $(shareNotification + ' ' + shareBy + '');
$result.on('click', function() {
return false;
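Review bot: The escaped owner name is still spliced into a string that `$(shareNotification + ' ' + shareBy + '')` parses as HTML, so safety depends on every future placeholder being escaped by hand at the call site. Creating the element first and setting the label with `.text(shareBy)`, using the unescaped translation, would make the sink itself safe. The same pattern appears at `action.html(' '+ message + '')` in core/js/share.js. If `fileData.shareOwner` can be absent for some rows, confirm that `escapeHTML` tolerates `undefined`, since its definition is not part of this diff. The append callback opens in this hunk and closes outside it.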
diff --git a/core/js/share.js b/core/js/share.js
index dc808c295b..e164602d0a 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -199,10 +199,10 @@ OC.Share={
message = t('core', 'Shared');
// even if reshared, only show "Shared by"
if (owner) {
- message = t('files_sharing', 'Shared by {owner}', {owner: owner});
+ message = t('files_sharing', 'Shared by {owner}', {owner: escapeHTML(owner)});
}
else if (recipients) {
- message = t('core', 'Shared with {recipients}', {recipients: recipients});
+ message = t('core', 'Shared with {recipients}', {recipients: escapeHTML(recipients)});
}
action.html(' '+ message + '').prepend(img);
}
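Review bot: Nothing at the `action.html(' '+ message + '')` line records that `message` is treated as markup, so a later branch that adds another placeholder could reintroduce the injection this commit closes. I would add a comment directly above that call, such as `// message is inserted as HTML: every placeholder value passed to t() must go through escapeHTML()`. The default `t('core', 'Shared')` has no placeholder and is unaffected. The enclosing function starts before this hunk.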
@@ -337,9 +337,9 @@ OC.Share={
var defaultExpireMessage = '';
if ((itemType === 'folder' || itemType === 'file') && oc_appconfig.core.defaultExpireDateEnabled) {
if (oc_appconfig.core.defaultExpireDateEnforced) {
- defaultExpireMessage = t('core', 'The public link will expire no later than {days} days after it is created', {'days': oc_appconfig.core.defaultExpireDate}) + '
';
+ defaultExpireMessage = t('core', 'The public link will expire no later than {days} days after it is created', {'days': escapeHTML(oc_appconfig.core.defaultExpireDate)}) + '
';
} else {
- defaultExpireMessage = t('core', 'By default the public link will expire after {days} days', {'days': oc_appconfig.core.defaultExpireDate}) + '
';
+ defaultExpireMessage = t('core', 'By default the public link will expire after {days} days', {'days': escapeHTML(oc_appconfig.core.defaultExpireDate)}) + '
';
}
}
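Review bot: `oc_appconfig.core.defaultExpireDate` is a day count, so validating it as a number is a tighter check than HTML-escaping it. For example, use `var days = parseInt(oc_appconfig.core.defaultExpireDate, 10);` with a fallback when the result is `NaN`, then pass `days` to both `t()` calls. That also avoids depending on how `escapeHTML` handles a non-string argument, which this diff does not show. Where `defaultExpireMessage` is inserted into the page lies outside the hunk, so that it reaches an HTML sink is presumed from the fix rather than visible here.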
@@ -537,7 +537,7 @@ OC.Share={
if (collectionList.length > 0) {
$(collectionList).append(', '+shareWithDisplayName);
} else {
- var html = '