fix another xss vuln

2016-01-17 15:53:50 +05:30 · 2016-01-17 15:53:50 +05:30 · d549ab3592
commit d549ab3592
parent a5ec6a655b
1 changed files with 3 additions and 1 deletions
--- a/static/js/transfersPanel.js
+++ b/static/js/transfersPanel.js
@ -14,7 +14,9 @@ oml.ui.transfersPanel = function() {
                    align: Ox.contains([
                        'size', 'transferprogress'
                    ], id) ? 'right' : 'left',
-                    format: key.format,
+                    format: function(value) {
+                        return Ox.encodeHTMLEntities(key.format(value));
+                    },
                    id: id,
                    operator: oml.getSortOperator(id),
                    title: Ox._(key.title),