Merge pull request #16611 from nextcloud/backport/16599/stable15

[stable15] Fix/xss/on favorite file

Author: rullzer

apps/files/js/tagsplugin.js

@@ -103,7 +103,7 @@
 		var innerTagA = document.createElement('A');
 		innerTagA.setAttribute("href", url);
 		innerTagA.setAttribute("class", "nav-icon-files svg");
-		innerTagA.innerHTML = appName;
+		innerTagA.innerHTML = _.escape(appName);
 
 		var length = listLIElements.length + 1;
 		var innerTagLI = document.createElement('li');

apps/theming/js/3rdparty/jscolor/jscolor.js

@@ -1100,7 +1100,7 @@ var jsc = {
 				if (jsc.isElementType(this.valueElement, 'input')) {
 					this.valueElement.value = value;
 				} else {
-					this.valueElement.innerHTML = value;
+					this.valueElement.innerHTML = _.escape(value);
 				}
 			}
 			if (!(flags & jsc.leaveStyle)) {