holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use htmlspecialchars to escape data-attributes

Browse Source
This commit is contained in:
Nathan Gray 2013-07-19 18:03:47 +00:00
parent 5e3c0192d3
commit 67d6775f54
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/class.egw_framework.inc.php
View File

@ -852,7 +852,7 @@ abstract class egw_framework
foreach($extra as $name => $value) foreach($extra as $name => $value)
{ {
if (is_array($value)) $value = json_encode($value); if (is_array($value)) $value = json_encode($value);
$java_script .= ' data-'.$name."='".str_replace("'", '\\\'', $value)."'"; $java_script .= ' data-'.$name."=\"". html::htmlspecialchars($value)."\"";
} }
$java_script .= "></script>\n"; $java_script .= "></script>\n";