From 2e30b24dbf3aebf4d201bc922eb7b7bc8ab8f4fd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 14 Sep 2013 03:44:58 -0400
Subject: [PATCH] Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333)

---
 CHANGELOG         |    1 +
 program/js/app.js |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 85963d8..6a93d40 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333)
 - Fix attachment icon issue when rare font/language is used (#1489326)
 - After message is sent refresh messages list of replied message folder (#1489249)
 - Add option force specified domain in user login - username_domain_forced (#1489264)
diff --git a/program/js/app.js b/program/js/app.js
index 42c6611..1d1c651 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -4345,7 +4345,7 @@
         boxtitle.append('&nbsp;&raquo;&nbsp;');
       }
 
-      boxtitle.append($('<span>'+prop.name+'</span>'));
+      boxtitle.append($('<span>').text(prop.name));
     }
 
     this.triggerEvent('groupupdate', prop);
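Review bot: The new line `boxtitle.append($('<span>').text(prop.name));` carries no comment saying why `.text()` is used, so a later cleanup could put the string concatenation back; I would add `// prop.name is user-supplied: insert as text, never as markup` directly above it. The same `prop` object is then passed unchanged to `this.triggerEvent('groupupdate', prop)`, so any listener that renders `prop.name` needs the same text-only handling, which cannot be verified from this hunk. The enclosing function starts and ends outside the hunk, so other places where it (or the sibling group insert/rename handlers, if any) build HTML from `prop.name` are not visible here and should be checked for the same pattern. A regression test that renames a group to a value containing markup and asserts the title shows it literally would keep this fixed.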

--
Gitblit v1.9.1