From f173ced67c4624dbb1e8188209abead18310dd08 Mon Sep 17 00:00:00 2001
From: Thomas Pulzer
Date: Mon, 4 Jul 2016 22:57:10 +0200
Subject: [PATCH 1/2] Changed the creation of the update notification link to generate the js object from concated string.
---
 apps/updatenotification/js/notification.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/updatenotification/js/notification.js b/apps/updatenotification/js/notification.js
index 810b9c168afb7..d5463174e4ca4 100644
--- a/apps/updatenotification/js/notification.js
+++ b/apps/updatenotification/js/notification.js
@@ -18,7 +18,7 @@ $(document).ready(function(){
 version = oc_updateState.updateVersion,
 docLink = oc_updateState.updateLink,
 text = t('core', '{version} is available. Get more information on how to update.', {version: version}),
- element = $('').attr('href', docLink).attr('target','_blank').text(text);
+ element = $(''+text+'');

 OC.Notification.showTemporary(
 element,

From 601c5b85c4641ede38eb65bc6eb9b95fb721d90d Mon Sep 17 00:00:00 2001
From: Thomas Pulzer
Date: Tue, 5 Jul 2016 06:59:11 +0200
Subject: [PATCH 2/2] Added escaping html code when building link to documentation.
---
 apps/updatenotification/js/notification.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/updatenotification/js/notification.js b/apps/updatenotification/js/notification.js
index d5463174e4ca4..913a59e042cb5 100644
--- a/apps/updatenotification/js/notification.js
+++ b/apps/updatenotification/js/notification.js
@@ -18,7 +18,7 @@ $(document).ready(function(){
 version = oc_updateState.updateVersion,
 docLink = oc_updateState.updateLink,
 text = t('core', '{version} is available. Get more information on how to update.', {version: version}),
- element = $(''+text+'');
+ element = $(''+escapeHTML(text)+'');

 OC.Notification.showTemporary(
 element,
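Review bot: In patch 1/2 the added `element = $(...)` line hands a concatenated string to `$()`, so `text` (which interpolates `oc_updateState.updateVersion`) is parsed as markup, where the removed `.attr('href', docLink)` / `.text(text)` chain set both values as data. The literal parts of the string are not legible on this page, so how `docLink` reaches the element is inferred. Unless the notification API requires an HTML string, keeping the builder form avoids the need for escaping altogether: `element = $('<a>').attr({href: docLink, target: '_blank', rel: 'noopener noreferrer'}).text(text);`. The `$(document).ready` callback starts before and ends after this hunk, so how `showTemporary` consumes `element` cannot be checked from here.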
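Review bot: In patch 2/2 `escapeHTML(text)` covers only the link text; `docLink` does not appear in the visible part of the added expression, so if it is still concatenated into the `href` attribute it needs the same treatment, `escapeHTML(docLink)`. HTML escaping also does not restrict the URL scheme, so a guard such as `if (!/^https?:\/\//i.test(docLink)) { return; }` before building the link is worth adding, since the value comes from `oc_updateState.updateLink`. A one-line comment above the assignment, e.g. `// values from oc_updateState are untrusted: escape before concatenating into HTML`, would record why the escaping is there.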