[Web] Fix XSS in app password names

2021-05-07 14:49:21 +02:00
parent f2ed26f026
commit 423ccb9ba9
2 changed files with 6 additions and 4 deletions
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -177,6 +177,7 @@ jQuery(function($){
        },
        success: function (data) {
          $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name);
            if (acl_data.app_passwds === 1) {
              item.action = '<div class="btn-group">' +
                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +