rooty/OwncloudContactsOfficial
1
0
Fork 0
mirror of https://github.com/owncloudarchive/contacts.git synced 2024-11-30 12:24:11 +01:00
Code Issues Releases Activity

Contacts: Fix XSS.

Browse Source
This commit is contained in:
Thomas Tanghus 2012-05-28 14:41:48 +02:00
parent fae3bb3f59
commit 795406fb7e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/contacts.js
View File

@ -6,7 +6,7 @@ function ucwords (str) {
String.prototype.strip_tags = function(){
tags = this;
stripped = tags.replace(/[\<\>]/gi, "");
stripped = tags.replace(/<(.|\n)*?>/g, '');
return stripped;
};
@ -159,7 +159,7 @@ Contacts={
// Name has changed. Update it and reorder.
$('#fn').change(function(){
var name = $('#fn').val();
var name = $('#fn').val().strip_tags();
var item = $('#contacts [data-id="'+Contacts.UI.Card.id+'"]');
$(item).find('a').html(name);
var added = false;