From c7094197bfe4b6702397e147847ef9cfd8d21b63 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Thu, 14 Feb 2013 18:15:14 +0100
Subject: Sanitize HTML
---
 settings/js/users.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'settings/js')
diff --git a/settings/js/users.js b/settings/js/users.js
index da18b4be836..086b0884a3b 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -308,7 +308,7 @@ $(document).ready(function () {
 event.stopPropagation();
 var img = $(this);
 var uid = img.parent().parent().attr('data-uid');
- var displayName = img.parent().parent().attr('data-displayName');
+ var displayName = escapeHTML(img.parent().parent().attr('data-displayName'));
 var input = $('');
 img.css('display', 'none');
 img.parent().children('span').replaceWith(input);
@@ -329,7 +329,7 @@ $(document).ready(function () {
 }
 });
 input.blur(function () {
- $(this).replaceWith($(this).val());
+ $(this).replaceWith(escapeHTML($(this).val()));
 img.css('display', '');
 });
 });
--
cgit v1.2.3
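Review bot: `displayName` is encoded where it is read from `data-displayName`, so the variable holds HTML-encoded text for every later use, and the protection depends on how the next line builds the input. The markup inside `$('')` is not visible on this page; if the value is concatenated into a `value="..."` attribute, safety rests on `escapeHTML` also encoding quote characters, which this hunk does not show. Creating the element without the value and assigning it through the DOM avoids the HTML parser and keeps the variable unencoded: `var input = $('<input type="text">').val(displayName);`, with the `escapeHTML` call then dropped and any attributes the existing markup carries kept. The click handler begins before this hunk and continues past it.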
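Review bot: `replaceWith()` still receives a string in the `input.blur` handler, and jQuery parses a string argument as HTML, so the fix holds only as long as `escapeHTML` covers every case. Passing an element whose content is set as text removes the parsing step: `$(this).replaceWith($('<span>').text($(this).val()));`. That would also put back a `span`, which the click handler in the first hunk looks up through `children('span')`; the current line leaves bare text, so a second edit may not find its target, though this depends on code outside the hunk. Any class or attribute the original `span` carried is not visible here and would need to be restored as well.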