From 2e30b24dbf3aebf4d201bc922eb7b7bc8ab8f4fd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 14 Sep 2013 03:44:58 -0400
Subject: [PATCH] Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333)
---
program/js/app.js | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/program/js/app.js b/program/js/app.js
index 42c6611..1d1c651 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -4345,7 +4345,7 @@
boxtitle.append(' » ');
}
- boxtitle.append($('<span>'+prop.name+'</span>'));
+ boxtitle.append($('<span>').text(prop.name));
}
this.triggerEvent('groupupdate', prop);
--
Gitblit v1.9.1