Merge pull request #688 from owncloud/stable8.2-escape-folder-namesv8.2.9RC2 v8.2.9RC1 v8.2.9 v8.2.8RC2 v8.2.8RC1 v8.2.8 v8.2.7 v8.2.11RC1 v8.2.10RC2 v8.2.10RC1 v8.2.10

[stable8.2] Add more escaping
author: Olivier Paroz <oparoz@users.noreply.github.com> 2016-07-14 15:45:03 +0300
committer: GitHub <noreply@github.com> 2016-07-14 15:45:03 +0300
commit: 990623712f6f7d6fa4e5c85e08a04eadc55d6636 (patch)
tree: 517e4118553bbc9db8e1305a914057f294b9f657
parent: e99047079333e6ac4c33412b11070feb88d3ca7f (diff)
parent: c36e2d8d8423a36cc5d09fd59012da5f085870a4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/js/vendor/owncloud/share.js b/js/vendor/owncloud/share.js
index 7e834dba..b31b28cf 100644
--- a/js/vendor/owncloud/share.js
+++ b/js/vendor/owncloud/share.js
@@ -296,7 +296,7 @@
 		showDropDown:function(itemType, itemSource, appendTo, link, possiblePermissions, filename) {
 			var data = OC.Share.loadItem(itemType, itemSource);
 			var dropDownEl;
-			var html = '<div id="dropdown" class="drop shareDropDown" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
+			var html = '<div id="dropdown" class="drop shareDropDown" data-item-type="'+escapeHTML(itemType)+'" data-item-source="'+escapeHTML(itemSource)+'">';
 			if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined && data.reshare.uid_owner !== OC.currentUser) {
 				html += '<span class="reshare">';
 				if (oc_config.enable_avatars === true) {
author	Olivier Paroz <oparoz@users.noreply.github.com>	2016-07-14 15:45:03 +0300
committer	GitHub <noreply@github.com>	2016-07-14 15:45:03 +0300
commit	990623712f6f7d6fa4e5c85e08a04eadc55d6636 (patch)
tree	517e4118553bbc9db8e1305a914057f294b9f657
parent	e99047079333e6ac4c33412b11070feb88d3ca7f (diff)
parent	c36e2d8d8423a36cc5d09fd59012da5f085870a4 (diff)