
Fixed XSS

Howaner há 6 anos atrás
pai
commit
5bb7b5b368
1 ficheiros alterados com 3 adições e 2 exclusões
  1. 3 2
      data/web/js/site/quarantine.js

+ 3 - 2
data/web/js/site/quarantine.js

@@ -90,8 +90,9 @@ jQuery(function($){
         $('#qid_detail_recipients').html('');
         if (typeof data.recipients !== 'undefined') {
           $.each(data.recipients, function(index, value) {
-            var displayStr = value.address + (value.type != 'to' ? (' (' + value.type.toUpperCase() + ')') : '');
-            $('#qid_detail_recipients').append('<span class="mail-address-item")>' + displayStr + '</span>');
+            var elem = $('<span class="mail-address-item"></span>');
+            elem.text(value.address + (value.type != 'to' ? (' (' + value.type.toUpperCase() + ')') : ''));
+            $('#qid_detail_recipients').append(elem);
           });
         }
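Review bot: The new `elem.text(...)` line has no comment explaining why the value is set as text rather than concatenated into markup, so a later cleanup could fold it back into `.append('<span ...>' + str + '</span>')` and reopen the injection. I would add `// .text() on purpose: recipient data is untrusted and must never be parsed as HTML` directly above it. The same line still calls `value.type.toUpperCase()` whenever `value.type != 'to'`, which throws if an entry has no `type` and stops the recipient list from rendering; guarding with `(value.type && value.type !== 'to')` avoids that. The rest of this callback lies outside the hunk, so it is worth confirming that the other detail fields it fills are not still built by string concatenation into `.html()` or `.append()`.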