diff --git a/apps/common/main/lib/controller/History.js b/apps/common/main/lib/controller/History.js index 0ffd247ff1..e6a6c03115 100644 --- a/apps/common/main/lib/controller/History.js +++ b/apps/common/main/lib/controller/History.js @@ -202,7 +202,7 @@ define([ if (!opts.data || opts.data.error) { var config = { title: this.notcriticalErrorTitle, - msg: opts.data && opts.data.error ? opts.data.error : this.txtErrorLoadHistory, + msg: opts.data && opts.data.error ? Common.Utils.String.htmlEncode(opts.data.error) : this.txtErrorLoadHistory, iconCls: 'warn', buttons: ['ok'] }; diff --git a/apps/documenteditor/main/app/controller/Main.js b/apps/documenteditor/main/app/controller/Main.js index 958df260bd..f03591e5e1 100644 --- a/apps/documenteditor/main/app/controller/Main.js +++ b/apps/documenteditor/main/app/controller/Main.js @@ -613,7 +613,7 @@ define([ this.api.asc_coAuthoringDisconnect(); Common.NotificationCenter.trigger('collaboration:sharingdeny'); Common.NotificationCenter.trigger('api:disconnect'); - !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : data.message, + !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : Common.Utils.String.htmlEncode(data.message), target: '#toolbar', maxwidth: 600, showButton: false, automove: true, noHighlight: true, noArrow: true, multiple: true, callback: function() { me._state.lostEditingRights = false; @@ -705,7 +705,7 @@ define([ } Common.UI.alert({ title: this.notcriticalErrorTitle, - msg: (opts.data.error) ? opts.data.error : this.txtErrorLoadHistory, + msg: (opts.data.error) ? Common.Utils.String.htmlEncode(opts.data.error) : this.txtErrorLoadHistory, iconCls: 'warn', buttons: ['ok'], callback: _.bind(function(btn){ diff --git a/apps/documenteditor/main/app/view/MailMergeSettings.js b/apps/documenteditor/main/app/view/MailMergeSettings.js index 407a314d9f..ef4f53ba8e 100644 --- a/apps/documenteditor/main/app/view/MailMergeSettings.js +++ b/apps/documenteditor/main/app/view/MailMergeSettings.js @@ -634,7 +634,7 @@ define([ width: 500, closable: false, title: this.notcriticalErrorTitle, - msg: opts.data.error, + msg: Common.Utils.String.htmlEncode(opts.data.error), iconCls: 'warn', buttons: _.isEmpty(opts.data.createEmailAccountUrl) ? ['ok'] : [{value: 'custom', caption: this.textGoToMail}, 'cancel'], primary: _.isEmpty(opts.data.createEmailAccountUrl) ? ['ok'] : 'custom', diff --git a/apps/pdfeditor/main/app/controller/Main.js b/apps/pdfeditor/main/app/controller/Main.js index 29ef9cc698..56478ae1d8 100644 --- a/apps/pdfeditor/main/app/controller/Main.js +++ b/apps/pdfeditor/main/app/controller/Main.js @@ -542,7 +542,7 @@ define([ this.api.asc_coAuthoringDisconnect(); Common.NotificationCenter.trigger('collaboration:sharingdeny'); Common.NotificationCenter.trigger('api:disconnect'); - !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : data.message, + !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : Common.Utils.String.htmlEncode(data.message), target: '#toolbar', maxwidth: 600, showButton: false, automove: true, noHighlight: true, noArrow: true, multiple: true, callback: function() { me._state.lostEditingRights = false; diff --git a/apps/presentationeditor/main/app/controller/Main.js b/apps/presentationeditor/main/app/controller/Main.js index 83ea23fa36..7e4b567ef0 100644 --- a/apps/presentationeditor/main/app/controller/Main.js +++ b/apps/presentationeditor/main/app/controller/Main.js @@ -558,7 +558,7 @@ define([ this.api.asc_coAuthoringDisconnect(); Common.NotificationCenter.trigger('collaboration:sharingdeny'); Common.NotificationCenter.trigger('api:disconnect'); - !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : data.message, + !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : Common.Utils.String.htmlEncode(data.message), target: '#toolbar', maxwidth: 600, showButton: false, automove: true, noHighlight: true, noArrow: true, multiple: true, callback: function() { me._state.lostEditingRights = false; @@ -2832,7 +2832,7 @@ define([ } Common.UI.alert({ title: this.notcriticalErrorTitle, - msg: (opts.data.error) ? opts.data.error : this.txtErrorLoadHistory, + msg: (opts.data.error) ? Common.Utils.String.htmlEncode(opts.data.error) : this.txtErrorLoadHistory, iconCls: 'warn', buttons: ['ok'], callback: _.bind(function(btn){ diff --git a/apps/spreadsheeteditor/main/app/controller/Main.js b/apps/spreadsheeteditor/main/app/controller/Main.js index b0d6abaee2..8b7d6a74d6 100644 --- a/apps/spreadsheeteditor/main/app/controller/Main.js +++ b/apps/spreadsheeteditor/main/app/controller/Main.js @@ -634,7 +634,7 @@ define([ this.api.asc_coAuthoringDisconnect(); Common.NotificationCenter.trigger('collaboration:sharingdeny'); Common.NotificationCenter.trigger('api:disconnect'); - !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : data.message, + !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : Common.Utils.String.htmlEncode(data.message), target: '#toolbar', maxwidth: 600, showButton: false, automove: true, noHighlight: true, noArrow: true, multiple: true, callback: function() { me._state.lostEditingRights = false; @@ -3552,7 +3552,7 @@ define([ } Common.UI.alert({ title: this.notcriticalErrorTitle, - msg: (opts.data.error) ? opts.data.error : this.txtErrorLoadHistory, + msg: (opts.data.error) ? Common.Utils.String.htmlEncode(opts.data.error) : this.txtErrorLoadHistory, iconCls: 'warn', buttons: ['ok'], callback: _.bind(function(btn){ diff --git a/apps/visioeditor/main/app/controller/Main.js b/apps/visioeditor/main/app/controller/Main.js index 96aae703b5..0800e422ca 100644 --- a/apps/visioeditor/main/app/controller/Main.js +++ b/apps/visioeditor/main/app/controller/Main.js @@ -486,7 +486,7 @@ define([ this.api.asc_coAuthoringDisconnect(); Common.NotificationCenter.trigger('collaboration:sharingdeny'); Common.NotificationCenter.trigger('api:disconnect'); - !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : data.message, + !old_rights && Common.UI.TooltipManager.showTip({ step: 'changeRights', text: _.isEmpty(data.message) ? this.warnProcessRightsChange : Common.Utils.String.htmlEncode(data.message), target: '#toolbar', maxwidth: 600, showButton: false, automove: true, noHighlight: true, noArrow: true, multiple: true, callback: function() { me._state.lostEditingRights = false;