aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Martischka <petermartischka@googlemail.com>2010-04-11 22:22:36 +0200
committerPeter Martischka <pita@pitapoison.de>2010-04-11 22:22:36 +0200
commit6f0061961975df9a0c3ebab68386d8d65b706959 (patch)
tree41b4525f8385f1bfa54a0e5b2e570145f04f3f24
parenta51a2c6574145d4dcf05fb6e0f2657cb08aa4a72 (diff)
downloadetherpad-6f0061961975df9a0c3ebab68386d8d65b706959.tar.gz
etherpad-6f0061961975df9a0c3ebab68386d8d65b706959.tar.xz
etherpad-6f0061961975df9a0c3ebab68386d8d65b706959.zip
Fixed a a serious Security Bug, HTML injection!
-rw-r--r--etherpad/src/static/js/broadcast_slider.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/etherpad/src/static/js/broadcast_slider.js b/etherpad/src/static/js/broadcast_slider.js
index 255d7f2..8977e3d 100644
--- a/etherpad/src/static/js/broadcast_slider.js
+++ b/etherpad/src/static/js/broadcast_slider.js
@@ -138,7 +138,7 @@ var global = this;
swatchtd.append(swatch);
tr.append(swatchtd);
var nametd = $('<td></td>');
- nametd.html(author.name || "unnamed");
+ nametd.text(author.name || "unnamed");
tr.append(nametd);
$("#authorstable").append(tr);
} else {