From 1edd4012e4d3f0ab9456d5750e7be19ee55ee1f5 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
Date: Fri, 3 Jun 2022 14:37:56 +0200
Subject: [PATCH] [Web] escapehtml in mailbox.js (#4604)

Co-authored-by: FreddleSpl0it <patschul@posteo.de>
---
 data/web/js/site/mailbox.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index d03dec77..dedbe454 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -553,6 +553,7 @@ jQuery(function($){
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="resource" name="multi_select" value="' + encodeURIComponent(item.name) + '" />';
             item.name = escapeHtml(item.name);
+            item.description = escapeHtml(item.description);
           });
         }
       }),
@@ -1022,7 +1023,7 @@ jQuery(function($){
             if (!item.exclude > 0) {
               item.exclude = '-';
             } else {
-              item.exclude  = '<code>' + item.exclude + '</code>';
+              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
             }
             item.server_w_port = escapeHtml(item.user1) + '@' + item.host1 + ':' + item.port1;
             item.action = '<div class="btn-group footable-actions">' +