Fix XSS issue in drag-n-drop file uploads (#1490530)
Conflicts:
CHANGELOG
| | |
| | | - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) |
| | | - Fix various issues with Turkish (and similar) locales (#1490519) |
| | | - Fix so In-Reply-To header is set also for MDN receipts (#1490523) |
| | | - Fix XSS issue in drag-n-drop file uploads (#1490530) |
| | | |
| | | RELEASE 1.0.6 |
| | | ------------- |
| | |
| | | var submit_data = function() { |
| | | var multiple = files.length > 1, |
| | | ts = new Date().getTime(), |
| | | content = '<span>' + (multiple ? ref.get_label('uploadingmany') : files[0].name) + '</span>'; |
| | | // jQuery way to escape filename (#1490530) |
| | | content = $('<span>').text(multiple ? ref.get_label('uploadingmany') : files[0].name).html(); |
| | | |
| | | // add to attachments list |
| | | if (!ref.add2attachment_list(ts, { name:'', html:content, classname:'uploading', complete:false })) |