Use htmlspecialchars to escape data-attributes
parent
5e3c0192d3
commit
67d6775f54
@ -852,7 +852,7 @@ abstract class egw_framework
|
||||
foreach($extra as $name => $value)
|
||||
{
|
||||
if (is_array($value)) $value = json_encode($value);
|
||||
$java_script .= ' data-'.$name."='".str_replace("'", '\\\'', $value)."'";
|
||||
$java_script .= ' data-'.$name."=\"". html::htmlspecialchars($value)."\"";
|
||||
}
|
||||
$java_script .= "></script>\n";
|
||||
|
||||
|
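Review bot: The attribute name is still concatenated raw in `' data-'.$name`, so the new escaping covers only the value side of the attribute; if any key of `$extra` can carry caller-influenced text, a space, `>` or quote in it would break out of the attribute just as an unescaped value did. I would guard the key before the append, e.g. `if (!preg_match('/^[a-z0-9_-]+$/i', $name)) continue;`, or throw instead of skipping silently. The value fix also relies on `html::htmlspecialchars()` encoding `"` (and on its charset handling), which is not visible on this page, so that is worth confirming now that the attribute is double-quoted. The enclosing method starts and ends outside the hunk, so where `$extra` originates cannot be checked from here.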