extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 09:05:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use htmlspecialchars to escape data-attributes

Browse Source
This commit is contained in:
Nathan Gray 2013-07-19 18:03:47 +00:00
parent 5e3c0192d3
commit 67d6775f54
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/class.egw_framework.inc.php
View File

@ -852,7 +852,7 @@ abstract class egw_framework
foreach($extra as $name => $value)
{
if (is_array($value)) $value = json_encode($value);
$java_script .= ' data-'.$name."='".str_replace("'", '\\\'', $value)."'";
$java_script .= ' data-'.$name."=\"". html::htmlspecialchars($value)."\"";
}
$java_script .= "></script>\n";