projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 292cf97)
Fixed escaping of values returned by WCF.Search.Base
authorAlexander Ebert <ebert@woltlab.com>
Mon, 22 Jul 2013 12:33:21 +0000 (14:33 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Mon, 22 Jul 2013 12:33:21 +0000 (14:33 +0200)
wcfsetup/install/files/js/WCF.js patch | blob | blame | history

diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js
index 85727ca6c90a95f7bd0b2523883903537976fdff..553cc05503d38b7ef18684d159a802743da43e34 100755 (executable)
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -5575,7 +5575,7 @@ WCF.Search.Base = Class.extend({
         * @return      jQuery
         */
        _createListItem: function(item) {
-               var $listItem = $('<li><span>' + item.label + '</span></li>').appendTo(this._list);
+               var $listItem = $('<li><span>' + WCF.String.escapeHTML(item.label) + '</span></li>').appendTo(this._list);
                $listItem.data('objectID', item.objectID).data('label', item.label).click($.proxy(this._executeCallback, this));
                
                this._itemCount++;
WoltLab Suite Core (previously WoltLab Community Framework)