3.1.4 release with security fixes

Author: spocke

SECURITY.md

@@ -0,0 +1 @@
+Tiny values the work of security researchers in improving the security of technology products worldwide. We welcome researchers who wish to responsibly disclose vulnerabilities in our products or systems. Note that we do not offer any “bug bounty” program or any form of payment for disclosed vulnerabilities. If you would like to report a vulnerability, please email infosec@tiny.cloud.

js/jquery.plupload.queue/jquery.plupload.queue.js

@@ -301,7 +301,7 @@ used as it is.
 
 									// Rename file and glue extension back on
 									file.name = targetInput.val() + ext;
-									targetSpan.html(file.name);
+									targetSpan.text(file.name);
 									targetInput.blur();
 								}
 							});

js/jquery.plupload.queue/jquery.plupload.queue.min.js

@@ -489,7 +489,7 @@ $.widget("ui.plupload", {
 					break;
 			}
 
-			message += " <br /><i>" + details + "</i>";
+			message += " <br /><i>" + plupload.xmlEncode(details) + "</i>";
 
 			self._trigger('error', null, { up: up, error: err } );
 
@@ -1305,7 +1305,7 @@ $.widget("ui.plupload", {
 					// Rename file and glue extension back on
 					if (e.keyCode === 13) {
 						file.name = nameInput.val() + ext;
-						nameSpan.html(file.name);
+						nameSpan.text(file.name);
 					}
 					nameInput.blur();
 				}

js/jquery.ui.plupload/jquery.ui.plupload.js

@@ -1,8 +1,8 @@
 {
     "name": "plupload",
     "description": "Plupload is a JavaScript API for dealing with file uploads it supports features like multiple file selection, file type filtering, request chunking, client side image scaling and it uses different runtimes to achieve this such as HTML 5, Silverlight and Flash.",
-    "version": "3.1.3",
-    "releaseDate": "2021-03-29",
+    "version": "3.1.4",
+    "releaseDate": "2021-11-15",
     "author": "Ephox",
     "contributors": [{
         "name": "Davit Barbakadze",

js/jquery.ui.plupload/jquery.ui.plupload.min.js

@@ -223,7 +223,7 @@ used as it is.
 
 						fileList.append(
 							'<li id="' + file.id + '">' +
-								'<div class="plupload_file_name"><span>' + file.name + '</span></div>' +
+								'<div class="plupload_file_name"><span>' + plupload.xmlEncode(file.name) + '</span></div>' +
 								'<div class="plupload_file_action"><a href="#"></a></div>' +
 								'<div class="plupload_file_status">' + file.percent + '%</div>' +
 								'<div class="plupload_file_size">' + plupload.formatSize(file.size) + '</div>' +
@@ -301,7 +301,7 @@ used as it is.
 
 									// Rename file and glue extension back on
 									file.name = targetInput.val() + ext;
-									targetSpan.html(file.name);
+									targetSpan.text(file.name);
 									targetInput.blur();
 								}
 							});

package.json

@@ -489,7 +489,7 @@ $.widget("ui.plupload", {
 					break;
 			}
 
-			message += " <br /><i>" + details + "</i>";
+			message += " <br /><i>" + plupload.xmlEncode(details) + "</i>";
 
 			self._trigger('error', null, { up: up, error: err } );
 
@@ -1305,7 +1305,7 @@ $.widget("ui.plupload", {
 					// Rename file and glue extension back on
 					if (e.keyCode === 13) {
 						file.name = nameInput.val() + ext;
-						nameSpan.html(file.name);
+						nameSpan.text(file.name);
 					}
 					nameInput.blur();
 				}