Client: Escaping HTML in /list output

author Darren <darren@darrenwhitlen.com>

Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)

committer Darren <darren@darrenwhitlen.com>

Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)
author Darren <darren@darrenwhitlen.com>
Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)
committer Darren <darren@darrenwhitlen.com>
Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)
diff --git a/client/assets/dev/applet_chanlist.js b/client/assets/dev/applet_chanlist.js

index 8898a2c4469bf9b1b9dc36db7f1f21721b722b26..2c32e140855074071a41a014ed76675e90e9c5ed 100644 (file)
--- a/client/assets/dev/applet_chanlist.js
+++ b/client/assets/dev/applet_chanlist.js
@@ -65,7 +65,7 @@
              }\r
              _.each(channels, function (chan) {\r
                  var html, channel;\r
-                html = '<tr><td><a class="chan">' + chan.channel + '</a></td><td class="num_users" style="text-align: center;">' + chan.num_users + '</td><td style="padding-left: 2em;">' + formatIRCMsg(chan.topic) + '</td></tr>';\r
+                html = '<tr><td><a class="chan">' + _.escape(chan.channel) + '</a></td><td class="num_users" style="text-align: center;">' + chan.num_users + '</td><td style="padding-left: 2em;">' + formatIRCMsg(_.escape(chan.topic)) + '</td></tr>';\r
                  chan.html = html;\r
                  that.view.channels.push(chan);\r
              });\r
author	Darren <darren@darrenwhitlen.com>
	Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)
committer	Darren <darren@darrenwhitlen.com>
	Sun, 4 Nov 2012 02:03:32 +0000 (02:03 +0000)