From 83fccf4356ef982594a893988b415c4061a579e7 Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Mon, 22 Jul 2013 14:33:21 +0200 Subject: [PATCH] Fixed escaping of values returned by WCF.Search.Base --- wcfsetup/install/files/js/WCF.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js index 85727ca6c9..553cc05503 100755 --- a/wcfsetup/install/files/js/WCF.js +++ b/wcfsetup/install/files/js/WCF.js @@ -5575,7 +5575,7 @@ WCF.Search.Base = Class.extend({ * @return jQuery */ _createListItem: function(item) { - var $listItem = $('
  • ' + item.label + '
  • ').appendTo(this._list); + var $listItem = $('
  • ' + WCF.String.escapeHTML(item.label) + '
  • ').appendTo(this._list); $listItem.data('objectID', item.objectID).data('label', item.label).click($.proxy(this._executeCallback, this)); this._itemCount++; -- 2.20.1