diff options
author | Thomas Tanghus <thomas@tanghus.net> | 2013-05-15 18:22:47 +0400 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2013-05-15 18:22:47 +0400 |
commit | 600afadd517ca5cbd2a7b9426ea8f9d9e085e86f (patch) | |
tree | dafd00986b210705d5d6960e68c60ae5d8218b43 | |
parent | 349f57c5786d16fe6cdc287471047e22c9443117 (diff) |
Escape file name in filepicker
-rw-r--r-- | core/js/oc-dialogs.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/js/oc-dialogs.js b/core/js/oc-dialogs.js index 22667dcb666..5c60ea379b6 100644 --- a/core/js/oc-dialogs.js +++ b/core/js/oc-dialogs.js @@ -219,7 +219,7 @@ var OCdialogs = { var entry_template = '<div onclick="javascript:OC.dialogs.handlePickerClick(this, \'*ENTRYNAME*\',\''+dialog_content_id+'\')" data="*ENTRYTYPE*"><img src="*MIMETYPEICON*" style="margin-right:1em;"><span id="filename">*NAME*</span><div style="float:right;margin-right:1em;">*LASTMODDATE*</div></div>'; var names = ''; $.each(r.data, function(index, a) { - names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(a.mtime)).replace('*NAME*', a.name).replace('*MIMETYPEICON*', a.mimetype_icon).replace('*ENTRYNAME*', a.name).replace('*ENTRYTYPE*', a.type); + names += entry_template.replace('*LASTMODDATE*', OC.mtime2date(a.mtime)).replace('*NAME*', escapeHTML(a.name)).replace('*MIMETYPEICON*', a.mimetype_icon).replace('*ENTRYNAME*', escapeHTML(a.name)).replace('*ENTRYTYPE*', a.type); }); $(dialog_content_id + ' #filelist').html(names); |