Added escaping html code when building link to documentation.

2016-07-05 06:59:11 +02:00 · 2016-07-05 06:59:11 +02:00 · cf7afabf62
parent 52336b2038
commit cf7afabf62
1 changed files with 1 additions and 1 deletions
--- a/apps/updatenotification/js/notification.js
+++ b/apps/updatenotification/js/notification.js
@ -18,7 +18,7 @@ $(document).ready(function(){
 		version = oc_updateState.updateVersion,
 		docLink = oc_updateState.updateLink,
 		text = t('core', '{version} is available. Get more information on how to update.', {version: version}),
-		element = $('<a href="'+docLink+'" target="_blank">'+text+'</a>');
+		element = $('<a href="'+escapeHTML(docLink)+'" target="_blank">'+escapeHTML(text)+'</a>');

 	OC.Notification.showTemporary(
 		element,