From: Tim Düsterhus Date: Wed, 19 Jun 2013 17:57:07 +0000 (+0200) Subject: Properly escape labels in WCF.EditableItemList X-Git-Tag: 2.0.0_Beta_4~20^2~1 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e5f1745c8acf9791cf0c44f92664c94fe35472f0;p=GitHub%2FWoltLab%2FWCF.git Properly escape labels in WCF.EditableItemList see http://beta.woltlab.com/index.php/Thread/2164-Fehler-mit-tags-und-Special-HTML-Characters/
---
diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js
index fb791b3799..7556454889 100755
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -7685,7 +7685,7 @@ WCF.EditableItemList = Class.extend({
 } }
- var $listItem = $('
  • ' + data.label + '
  • ').data('objectID', data.objectID).data('label', data.label).appendTo(this._itemList);
+ var $listItem = $('
  • ' + WCF.String.escapeHTML(data.label) + '
  • ').data('objectID', data.objectID).data('label', data.label).appendTo(this._itemList);
 $listItem.click($.proxy(this._click, this));
 if (this._search) {
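Review bot: The new line still stores the unescaped value with `.data('label', data.label)`, so the added `WCF.String.escapeHTML` call protects only this one insertion into markup. Any other code that reads the stored label back and concatenates it into HTML would need the same escaping, which cannot be confirmed from this hunk. Setting the label through a text setter on the created element, e.g. `.text(data.label)`, instead of concatenating it into the markup string would remove the need to remember the escape at this call site. A short comment such as `// label is user-supplied; must be escaped before it is placed in markup` would record why the call is there. The enclosing method starts and ends outside the hunk.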