Add more escaping

Escape folder names in share.js
author: Olivier Paroz <oparoz@users.noreply.github.com> 2016-07-04 00:27:04 +0300
committer: Vincent Petry <PVince81@owncloud.com> 2016-07-06 14:29:50 +0300
commit: c36e2d8d8423a36cc5d09fd59012da5f085870a4 (patch)
tree: 517e4118553bbc9db8e1305a914057f294b9f657 /js/vendor
parent: e99047079333e6ac4c33412b11070feb88d3ca7f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/js/vendor/owncloud/share.js b/js/vendor/owncloud/share.js
index 7e834dba..b31b28cf 100644
--- a/js/vendor/owncloud/share.js
+++ b/js/vendor/owncloud/share.js
@@ -296,7 +296,7 @@
 		showDropDown:function(itemType, itemSource, appendTo, link, possiblePermissions, filename) {
 			var data = OC.Share.loadItem(itemType, itemSource);
 			var dropDownEl;
-			var html = '<div id="dropdown" class="drop shareDropDown" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
+			var html = '<div id="dropdown" class="drop shareDropDown" data-item-type="'+escapeHTML(itemType)+'" data-item-source="'+escapeHTML(itemSource)+'">';
 			if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined && data.reshare.uid_owner !== OC.currentUser) {
 				html += '<span class="reshare">';
 				if (oc_config.enable_avatars === true) {
author	Olivier Paroz <oparoz@users.noreply.github.com>	2016-07-04 00:27:04 +0300
committer	Vincent Petry <PVince81@owncloud.com>	2016-07-06 14:29:50 +0300
commit	c36e2d8d8423a36cc5d09fd59012da5f085870a4 (patch)
tree	517e4118553bbc9db8e1305a914057f294b9f657 /js/vendor
parent	e99047079333e6ac4c33412b11070feb88d3ca7f (diff)