From e5f1745c8acf9791cf0c44f92664c94fe35472f0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Wed, 19 Jun 2013 19:57:07 +0200 Subject: [PATCH] Properly escape labels in WCF.EditableItemList see http://beta.woltlab.com/index.php/Thread/2164-Fehler-mit-tags-und-Special-HTML-Characters/ --- wcfsetup/install/files/js/WCF.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js index fb791b3799..7556454889 100755 --- a/wcfsetup/install/files/js/WCF.js +++ b/wcfsetup/install/files/js/WCF.js @@ -7685,7 +7685,7 @@ WCF.EditableItemList = Class.extend({ } } - var $listItem = $('
  • ' + data.label + '
  • ').data('objectID', data.objectID).data('label', data.label).appendTo(this._itemList); + var $listItem = $('
  • ' + WCF.String.escapeHTML(data.label) + '
  • ').data('objectID', data.objectID).data('label', data.label).appendTo(this._itemList); $listItem.click($.proxy(this._click, this)); if (this._search) { -- 2.20.1