diff --git a/UI/WebServerResources/SchedulerUI.js b/UI/WebServerResources/SchedulerUI.js
index bd7ad3943..d7d3d981c 100644
--- a/UI/WebServerResources/SchedulerUI.js
+++ b/UI/WebServerResources/SchedulerUI.js
@@ -3076,7 +3076,9 @@ function appendCalendar(folderName, folderPath) {
 var colorBox = document.createElement("div");
 li.appendChild(colorBox);
- li.appendChild(document.createTextNode(folderName));
+ li.appendChild(document.createTextNode(folderName
+ .replace("<", "<", "g")
+ .replace(">", ">", "g")));
 colorBox.appendChild(document.createTextNode("OO"));
 $(colorBox).addClassName("colorBox");
@@ -3117,7 +3119,7 @@ function appendStyleElement(folderPath, color) {
 function onFolderSubscribeCB(folderData) {
 var folder = $(folderData["folder"]);
 if (!folder) {
- appendCalendar(folderData["folderName"].unescapeHTML(), folderData["folder"]);
+ appendCalendar(folderData["folderName"], folderData["folder"]);
 refreshEvents();
 refreshTasks();
 changeCalendarDisplay();
diff --git a/UI/WebServerResources/UIxContactsUserFolders.js b/UI/WebServerResources/UIxContactsUserFolders.js
index f7e37a771..3a8eb238b 100644
--- a/UI/WebServerResources/UIxContactsUserFolders.js
+++ b/UI/WebServerResources/UIxContactsUserFolders.js
@@ -192,11 +192,7 @@ function addFolderBranchToTree(tree, user, folder, nodeId, subId, isLast) {
 else
 icon += 'calendar-folder-16x16.png';
 var folderId = user + ":" + folderInfos[1].substr(1);
-
- // name has the format "Foldername (Firstname Lastname )"
- // We sanitize the value to avoid XSS issues
- var name = folderInfos[0].escapeHTML();
-
+ var name = folderInfos[0]; // name has the format "Folername (Firstname Lastname )"
 var pos = name.lastIndexOf(' (');
 if (pos > -1)
 name = name.substring(0, pos); // strip the part with fullname and email
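Review bot: In appendCalendar, the two added `.replace(..., "g")` calls pass the flags as a third string argument, which is a non-standard Mozilla-only extension of String.prototype.replace; in other engines a string pattern replaces only the first occurrence, so a folder name with a second `<` or `>` is left as it was. A regex pattern behaves the same everywhere, e.g. `.replace(/</g, "&lt;")` and `.replace(/>/g, "&gt;")` (the replacement strings are presumably entities; this page shows them decoded, so that part is inferred). Because the value goes into `document.createTextNode`, which never parses markup, the escaping adds no XSS protection for this node, and together with the `unescapeHTML()` dropped from the call in onFolderSubscribeCB (next hunk) an already-escaped name may be displayed with literal entities; a comment naming the later consumer that needs the escaped form would make the intent checkable. The body of appendCalendar starts and ends outside the hunk.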
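Review bot: In addFolderBranchToTree, `var name = folderInfos[0];` drops the `escapeHTML()` call that the removed comment said was there to avoid XSS, and nothing visible in the hunk escapes `name` afterwards. Where `name` is consumed lies outside the hunk, so this is only safe if the tree code inserts it as text or escapes it at the point of insertion; if it is concatenated into markup, a folder display name (presumably chosen by another user) would be interpreted as HTML. Either keep `var name = folderInfos[0].escapeHTML();` or escape the value after the `substring` strip, and add a comment stating where the escaping now happens. The new trailing comment also has a typo, `Folername`.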