escape display name and email

2014-05-09 23:12:26 +02:00 · 2014-05-09 23:12:26 +02:00 · 78c0cc6089
parent 1083085e6e
commit 78c0cc6089
1 changed files with 1 additions and 1 deletions
--- a/core/js/share.js
+++ b/core/js/share.js
@ -348,7 +348,7 @@ OC.Share={
 				})
 				.data("ui-autocomplete")._renderItem = function( ul, item ) {
 					return $( "<li>" )
-						.append( "<a>" + item.displayname + "<br>" + item.email + "</a>" )
+						.append( "<a>" + escapeHTML(item.displayname) + "<br>" + escapeHTML(item.email) + "</a>" )
 						.appendTo( ul );
 				};
 			}