فهرست منبع

Correctly escape filenames in displayFilesAsHTML

n1474335 8 سال پیش
والد
کامیت
c3469bd545
1فایلهای تغییر یافته به همراه2 افزوده شده و 2 حذف شده
  1. 2 2
      src/core/Utils.js

+ 2 - 2
src/core/Utils.js

@@ -945,12 +945,12 @@ const Utils = {
      * @param {Object[]} files
      * @param {Object[]} files
      * @returns {html}
      * @returns {html}
      */
      */
-    displayFilesAsHTML: function(files){
+    displayFilesAsHTML: function(files) {
         const formatDirectory = function(file) {
         const formatDirectory = function(file) {
             const html = "<div class='panel panel-default'>" +
             const html = "<div class='panel panel-default'>" +
                    "<div class='panel-heading' role='tab'>" +
                    "<div class='panel-heading' role='tab'>" +
                    "<h4 class='panel-title'>" +
                    "<h4 class='panel-title'>" +
-                   file.fileName +
+                   Utils.escapeHtml(file.fileName) +
                    // The following line is for formatting when HTML is stripped
                    // The following line is for formatting when HTML is stripped
                    "<span style='display: none'>\n0 bytes\n</span>" +
                    "<span style='display: none'>\n0 bytes\n</span>" +
                    "</h4>" +
                    "</h4>" +