Merge pull request #16612 from nextcloud/backport/16599/stable14

[stable14] Fix/xss/on favorite file
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2019-07-30 17:31:14 +0300
committer: GitHub <noreply@github.com> 2019-07-30 17:31:14 +0300
commit: 53874abcf5f1a94bb32a7dc7d168142a3379b61e (patch)
tree: ca78c876fdb698e5c0c51a9295aef6683efd7a26
parent: af348e139303529074daa5e7110b386c7e8e96fe (diff)
parent: f08798e91905febf0c9d66a7c0b48171959b896c (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/js/tagsplugin.js b/apps/files/js/tagsplugin.js
index 4ce6604384d..c0e7aaa1303 100644
--- a/apps/files/js/tagsplugin.js
+++ b/apps/files/js/tagsplugin.js
@@ -113,7 +113,7 @@
 		var innerTagA = document.createElement('A');
 		innerTagA.setAttribute("href", url);
 		innerTagA.setAttribute("class", "nav-icon-files svg");
-		innerTagA.innerHTML = appName;
+		innerTagA.innerHTML = _.escape(appName);
 
 		var length = listLIElements.length + 1;
 		var innerTagLI = document.createElement('li');
diff --git a/apps/theming/js/3rdparty/jscolor/jscolor.js b/apps/theming/js/3rdparty/jscolor/jscolor.js
index 2bdd4607b41..cad36eab92a 100644
--- a/apps/theming/js/3rdparty/jscolor/jscolor.js
+++ b/apps/theming/js/3rdparty/jscolor/jscolor.js
@@ -1100,7 +1100,7 @@ var jsc = {
 				if (jsc.isElementType(this.valueElement, 'input')) {
 					this.valueElement.value = value;
 				} else {
-					this.valueElement.innerHTML = value;
+					this.valueElement.innerHTML = _.escape(value);
 				}
 			}
 			if (!(flags & jsc.leaveStyle)) {
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2019-07-30 17:31:14 +0300
committer	GitHub <noreply@github.com>	2019-07-30 17:31:14 +0300
commit	53874abcf5f1a94bb32a7dc7d168142a3379b61e (patch)
tree	ca78c876fdb698e5c0c51a9295aef6683efd7a26
parent	af348e139303529074daa5e7110b386c7e8e96fe (diff)
parent	f08798e91905febf0c9d66a7c0b48171959b896c (diff)