From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 22 Jul 2013 12:33:21 +0000 (+0200)
Subject: Fixed escaping of values returned by WCF.Search.Base
X-Git-Tag: 2.0.0_Beta_5~20^2~5
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=83fccf4356ef982594a893988b415c4061a579e7;p=GitHub%2FWoltLab%2FWCF.git

Fixed escaping of values returned by WCF.Search.Base
---

diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js
index 85727ca6c9..553cc05503 100755
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -5575,7 +5575,7 @@ WCF.Search.Base = Class.extend({
 	 * @return	jQuery
 	 */
 	_createListItem: function(item) {
-		var $listItem = $('<li><span>' + item.label + '</span></li>').appendTo(this._list);
+		var $listItem = $('<li><span>' + WCF.String.escapeHTML(item.label) + '</span></li>').appendTo(this._list);
 		$listItem.data('objectID', item.objectID).data('label', item.label).click($.proxy(this._executeCallback, this));
 		
 		this._itemCount++;