From 5bb7b5b368efd32bb03c8ff8da8c85a09fb8b29c Mon Sep 17 00:00:00 2001
From: Howaner <me@howaner.de>
Date: Wed, 1 May 2019 01:03:16 +0200
Subject: [PATCH] Fixed XSS

---
 data/web/js/site/quarantine.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index c4d19cf9..2c6f58c1 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -90,8 +90,9 @@ jQuery(function($){
         $('#qid_detail_recipients').html('');
         if (typeof data.recipients !== 'undefined') {
           $.each(data.recipients, function(index, value) {
-            var displayStr = value.address + (value.type != 'to' ? (' (' + value.type.toUpperCase() + ')') : '');
-            $('#qid_detail_recipients').append('<span class="mail-address-item")>' + displayStr + '</span>');
+            var elem = $('<span class="mail-address-item"></span>');
+            elem.text(value.address + (value.type != 'to' ? (' (' + value.type.toUpperCase() + ')') : ''));
+            $('#qid_detail_recipients').append(elem);
           });
         }