From c5f263ae7e0b0639e37ebdcd3928d75189af4e70 Mon Sep 17 00:00:00 2001
From: Darren <darren@darrenwhitlen.com>
Date: Sun, 4 Nov 2012 02:03:32 +0000
Subject: [PATCH] Client: Escaping HTML in /list output

---
 client/assets/dev/applet_chanlist.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/assets/dev/applet_chanlist.js b/client/assets/dev/applet_chanlist.js
index 8898a2c..2c32e14 100644
--- a/client/assets/dev/applet_chanlist.js
+++ b/client/assets/dev/applet_chanlist.js
@@ -65,7 +65,7 @@
             }
             _.each(channels, function (chan) {
                 var html, channel;
-                html = '<tr><td><a class="chan">' + chan.channel + '</a></td><td class="num_users" style="text-align: center;">' + chan.num_users + '</td><td style="padding-left: 2em;">' + formatIRCMsg(chan.topic) + '</td></tr>';
+                html = '<tr><td><a class="chan">' + _.escape(chan.channel) + '</a></td><td class="num_users" style="text-align: center;">' + chan.num_users + '</td><td style="padding-left: 2em;">' + formatIRCMsg(_.escape(chan.topic)) + '</td></tr>';
                 chan.html = html;
                 that.view.channels.push(chan);
             });
-- 
2.25.1