fix XSS when adding a file with a malicious name to favorites
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
This commit is contained in:
parent
48b271a216
commit
af87bd2f60
|
@ -103,7 +103,7 @@
|
|||
var innerTagA = document.createElement('A');
|
||||
innerTagA.setAttribute("href", url);
|
||||
innerTagA.setAttribute("class", "nav-icon-files svg");
|
||||
innerTagA.innerHTML = appName;
|
||||
innerTagA.innerHTML = _.escape(appName);
|
||||
|
||||
var length = listLIElements.length + 1;
|
||||
var innerTagLI = document.createElement('li');
|
||||
|
|
Loading…
Reference in New Issue