diff --git a/media/js/base.js b/media/js/base.js
index b224eef9a1..7af6422291 100644
--- a/media/js/base.js
+++ b/media/js/base.js
@@ -652,3 +652,10 @@ function addAnchorsToHeaders(html) {
 });
 return tree.html();
 }
+
+function HTMLescape(html){
+ return document.createElement('div')
+ .appendChild(document.createTextNode(html))
+ .parentNode
+ .innerHTML;
+}
diff --git a/seahub/templates/snippets/list_commit_detail.html b/seahub/templates/snippets/list_commit_detail.html
index abec959e60..1c355f6d34 100644
--- a/seahub/templates/snippets/list_commit_detail.html
+++ b/seahub/templates/snippets/list_commit_detail.html
@@ -29,7 +29,7 @@ function listCommitDetails(url, t) {
 show(data['deldir'], "{% trans "Deleted directories" %}");
 if (!con) {
 if (data['cmt_desc']) {
- con = '
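Review bot: `HTMLescape` carries no comment saying which context its output is safe for, and that matters because the text-node serialization it relies on encodes `&`, `<` and `>` (and a non-breaking space as `&nbsp;`) but leaves quotes alone, so the result is correct only as element text content inside a `.html()` string, not inside a quoted attribute built by concatenation, and not as a value for jQuery `.attr()`, which stores the literal string (the `data-name` assignment in the myhome_extra_script.html hunk will therefore hold an already-encoded name). Suggested header: `/** Escape a string for use as HTML text content, not attribute values: &, <, > become entities, quotes are left as-is; non-string input is coerced by createTextNode, so undefined yields the text "undefined". */`. As a style point, the name breaks the camelCase used by the surrounding code (`addAnchorsToHeaders`); `escapeHtml` would match.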
' + data['cmt_desc'] + '
';
+ con = '' + HTMLescape(data['cmt_desc']) + '
';
 }
 }
 $('#ls-ch').css('text-align','left').html(heading + time + con);
diff --git a/seahub/templates/snippets/myhome_extra_script.html b/seahub/templates/snippets/myhome_extra_script.html
index 80f7dc5b95..845f6e159a 100644
--- a/seahub/templates/snippets/myhome_extra_script.html
+++ b/seahub/templates/snippets/myhome_extra_script.html
@@ -102,12 +102,12 @@ function repoCreateSuccessCallback(data) {
 $.modal.close();
 var new_repo_item = $('#new-repo .repo-item').clone(true);
 var tds = $('td', new_repo_item);
- var repo_id = data['repo_id'], repo_name = data['repo_name'];
+ var repo_id = data['repo_id'], repo_name = HTMLescape(data['repo_name']);
 if (data['repo_enc']) {
 $('img', $(tds[0])).attr('src', '{{MEDIA_URL}}img/sync-folder-encrypt-20.png');
 }
 $(tds[1]).html('' + repo_name + '');
- $(tds[2]).html(data['repo_desc']);
+ $(tds[2]).text(data['repo_desc']);
 $(tds[4]).attr('data-id', repo_id).attr('data-name', repo_name);
 var my_own_repos = $('#my-own-repos');
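Review bot: Only `cmt_desc` is escaped before the concatenated string reaches `.html()` on the last line of the hunk; `heading`, `time` and whatever `show()` appends for the deleted/added entries are built above this hunk, so it is worth confirming they receive the same treatment, since file and directory names are user-supplied as well. `HTMLescape` is a global defined in media/js/base.js, so this snippet now silently depends on base.js being loaded before it; a call-site comment such as `// HTMLescape is defined in media/js/base.js, which must be loaded first` would make that explicit. The body of listCommitDetails starts outside the hunk.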