Also encode > and '

author Lukas Reschke <lukas@statuscode.ch>

Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)
diff --git a/core/js/js.js b/core/js/js.js

index f10c7163092cc2f5228aad706d23864611917a92..b712da4bd029dfb3bd744f197c3b833d61713add 100644 (file)
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -151,7 +151,7 @@ function n(app, text_singular, text_plural, count, vars) {
  * @return Sanitized string
  */
  function escapeHTML(s) {
-       return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
+       return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
  }
  
  /**
author	Lukas Reschke <lukas@statuscode.ch>
	Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sun, 13 Apr 2014 13:24:35 +0000 (15:24 +0200)