From 2e30b24dbf3aebf4d201bc922eb7b7bc8ab8f4fd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 14 Sep 2013 09:44:58 +0200
Subject: Fix XSS issue in addressbook group name field [CVE-2013-5646]
 (#1489333)

---
 program/js/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program/js')

diff --git a/program/js/app.js b/program/js/app.js
index 42c661144..1d1c65172 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -4345,7 +4345,7 @@ function rcube_webmail()
         boxtitle.append('&nbsp;&raquo;&nbsp;');
       }
 
-      boxtitle.append($('<span>'+prop.name+'</span>'));
+      boxtitle.append($('<span>').text(prop.name));
     }
 
     this.triggerEvent('groupupdate', prop);
-- 
cgit v1.2.3