sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Contacts: Fix XSS.

remotes/origin/stable4
Thomas Tanghus 2012-05-28 14:41:48 +07:00
parent 53da328aa1
commit cf113409ad
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/contacts/js/contacts.js
Unescape Escape View File

@ -6,7 +6,7 @@ function ucwords (str) {
String.prototype.strip_tags = function(){
tags = this;
stripped = tags.replace(/[\<\>]/gi, "");
stripped = tags.replace(/<(.|\n)*?>/g, '');
return stripped;
};
@ -159,7 +159,7 @@ Contacts={
// Name has changed. Update it and reorder.
$('#fn').change(function(){
var name = $('#fn').val();
var name = $('#fn').val().strip_tags();
var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]');
$(item).find('a').html(name);
var added = false;