From 29504e8c8dd9a1876c00cdea430664b659f19298 Mon Sep 17 00:00:00 2001
From: Max Fichtelmann <max.fichtelmann@procilon.de>
Date: Mon, 29 Jul 2019 17:44:01 +0200
Subject: [PATCH 1/2] fix XSS when adding a file with a malicious name to
 favorites

Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
---
 apps/files/js/tagsplugin.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files/js/tagsplugin.js b/apps/files/js/tagsplugin.js
index 4ce6604384d9c..c0e7aaa130348 100644
--- a/apps/files/js/tagsplugin.js
+++ b/apps/files/js/tagsplugin.js
@@ -113,7 +113,7 @@
 		var innerTagA = document.createElement('A');
 		innerTagA.setAttribute("href", url);
 		innerTagA.setAttribute("class", "nav-icon-files svg");
-		innerTagA.innerHTML = appName;
+		innerTagA.innerHTML = _.escape(appName);
 
 		var length = listLIElements.length + 1;
 		var innerTagLI = document.createElement('li');

From f08798e91905febf0c9d66a7c0b48171959b896c Mon Sep 17 00:00:00 2001
From: Max Fichtelmann <max.fichtelmann@procilon.de>
Date: Mon, 29 Jul 2019 17:48:33 +0200
Subject: [PATCH 2/2] prevent potential XSS via unchecked use innerHTML

Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
---
 apps/theming/js/3rdparty/jscolor/jscolor.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/theming/js/3rdparty/jscolor/jscolor.js b/apps/theming/js/3rdparty/jscolor/jscolor.js
index 2bdd4607b41c7..cad36eab92ab7 100644
--- a/apps/theming/js/3rdparty/jscolor/jscolor.js
+++ b/apps/theming/js/3rdparty/jscolor/jscolor.js
@@ -1100,7 +1100,7 @@ var jsc = {
 				if (jsc.isElementType(this.valueElement, 'input')) {
 					this.valueElement.value = value;
 				} else {
-					this.valueElement.innerHTML = value;
+					this.valueElement.innerHTML = _.escape(value);
 				}
 			}
 			if (!(flags & jsc.leaveStyle)) {