From 6d363da8e0ee95dd39d24ad4698306c5e61e975b Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 1 Dec 2014 13:28:44 +0100
Subject: [PATCH] Sanitize font names and families

---
 programs/editor/widgets/fontPicker.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/programs/editor/widgets/fontPicker.js b/programs/editor/widgets/fontPicker.js
index fd3e60629..128fd59ac 100644
--- a/programs/editor/widgets/fontPicker.js
+++ b/programs/editor/widgets/fontPicker.js
@@ -23,9 +23,10 @@
  */
 /*global define,require,document */
 define("webodf/editor/widgets/fontPicker", [
-    "dijit/form/Select"],
+    "dijit/form/Select",
+    "dojox/html/entities"],
 
-    function (Select) {
+    function (Select, HtmlEntities) {
         "use strict";
 
         /**
@@ -91,7 +92,7 @@ define("webodf/editor/widgets/fontPicker", [
                     name = documentFonts[i].name;
                     family = documentFonts[i].family || name;
                     selectionList.push({
-                        label: '<span style="font-family: ' + family + ';">' + name + '</span>',
+                        label: '<span style="font-family: ' + HtmlEntities.encode(family) + ';">' + HtmlEntities.encode(name)+ '</span>',
                         value: name
                     });
                 }
@@ -104,7 +105,7 @@ define("webodf/editor/widgets/fontPicker", [
                 // Lastly populate the fonts provided by the editor
                 for (i = 0; i < editorFonts.length; i += 1) {
                     selectionList.push({
-                        label: '<span style="font-family: ' + editorFonts[i] + ';">' + editorFonts[i] + '</span>',
+                        label: '<span style="font-family: ' + HtmlEntities.encode(editorFonts[i]) + ';">' + HtmlEntities.encode(editorFonts[i]) + '</span>',
                         value: editorFonts[i]
                     });
                 }