
github.com/nextcloud/files_videoplayer.git - Unnamed repository; edit this file 'description' to name the repository.
authorLukas Reschke <lukas@owncloud.com>2016-02-12 13:56:41 +0300
committerLukas Reschke <lukas@owncloud.com>2016-02-12 13:56:41 +0300
commit8954d49a392bc1177e42d65aae65e66dcc06b8fc (patch)
tree535356b0311ad64f6265f6a82cccccdbf5d96ebe /js/viewer.js
parentdd5eaad26899551d325203546fd9574ac6f818d7 (diff)
parentbe44304e5cdaa9d132bd1d21407040a440123c4f (diff)
Merge pull request #29 from owncloud/fix-xss-in-js
Escape HTML
Diffstat (limited to 'js/viewer.js')
-rwxr-xr-xjs/viewer.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/js/viewer.js b/js/viewer.js
index 2594a6a..4647c24 100755
--- a/js/viewer.js
+++ b/js/viewer.js
@@ -9,8 +9,8 @@ var videoViewer = {
// insert HTML
$('<div id="videoplayer_overlay" style="display:none;"><div id="videoplayer_outer_container"><div id="videoplayer_container"><div id="videoplayer"></div></div></div></div>').appendTo('body');
var playerView = videoViewer.UI.playerTemplate
- .replace(/%type%/g, videoViewer.mime)
- .replace(/%src%/g, videoViewer.location)
+ .replace(/%type%/g, escapeHTML(videoViewer.mime))
+ .replace(/%src%/g, escapeHTML(videoViewer.location))
;
$(playerView).prependTo('#videoplayer');
// add event to overlay
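Review bot: The escaped values are still handed to `.replace()` as replacement strings, so `$`-sequences such as `$&` or `$'` in `videoViewer.mime` or `videoViewer.location` are expanded against the template rather than inserted literally, and an HTML-escaping helper would not be expected to touch `$`. Passing a function keeps the value literal: `.replace(/%src%/g, function () { return escapeHTML(videoViewer.location); })`, and likewise for `%type%`. `playerTemplate` and `escapeHTML` are both defined outside this hunk, so it is worth confirming that the two placeholders sit inside quoted attributes and that the helper encodes both `"` and `'`. Setting the attributes with jQuery `.attr()` on the parsed template would remove the dependence on string substitution altogether. The enclosing function starts and ends outside the hunk.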