From 2e30b24dbf3aebf4d201bc922eb7b7bc8ab8f4fd Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 14 Sep 2013 09:44:58 +0200 Subject: Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333) --- program/js/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'program/js') diff --git a/program/js/app.js b/program/js/app.js index 42c661144..1d1c65172 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -4345,7 +4345,7 @@ function rcube_webmail() boxtitle.append(' » '); } - boxtitle.append($(''+prop.name+'')); + boxtitle.append($('').text(prop.name)); } this.triggerEvent('groupupdate', prop); -- cgit v1.2.3