From cf7afabf62d1e3f4c5856d7636e21496d7992257 Mon Sep 17 00:00:00 2001
From: Thomas Pulzer <t.pulzer@kniel.de>
Date: Tue, 5 Jul 2016 06:59:11 +0200
Subject: [PATCH] Added escaping html code when building link to documentation.

---
 apps/updatenotification/js/notification.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/updatenotification/js/notification.js b/apps/updatenotification/js/notification.js
index d5463174e4..913a59e042 100644
--- a/apps/updatenotification/js/notification.js
+++ b/apps/updatenotification/js/notification.js
@@ -18,7 +18,7 @@ $(document).ready(function(){
 		version = oc_updateState.updateVersion,
 		docLink = oc_updateState.updateLink,
 		text = t('core', '{version} is available. Get more information on how to update.', {version: version}),
-		element = $('<a href="'+docLink+'" target="_blank">'+text+'</a>');
+		element = $('<a href="'+escapeHTML(docLink)+'" target="_blank">'+escapeHTML(text)+'</a>');
 
 	OC.Notification.showTemporary(
 		element,