From 2e30b24dbf3aebf4d201bc922eb7b7bc8ab8f4fd Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 14 Sep 2013 09:44:58 +0200 Subject: Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333) --- CHANGELOG | 1 + program/js/app.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 85963d84f..6a93d40ce 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333) - Fix attachment icon issue when rare font/language is used (#1489326) - After message is sent refresh messages list of replied message folder (#1489249) - Add option force specified domain in user login - username_domain_forced (#1489264) diff --git a/program/js/app.js b/program/js/app.js index 42c661144..1d1c65172 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -4345,7 +4345,7 @@ function rcube_webmail() boxtitle.append(' » '); } - boxtitle.append($(''+prop.name+'')); + boxtitle.append($('').text(prop.name)); } this.triggerEvent('groupupdate', prop); -- cgit v1.2.3