Fixed a a serious Security Bug, HTML injection!

(see: http://github.com/Pita/pad/commit/6f0061961975df9a0c3ebab68386d8d65b706959)
author: Alexander Sulfrian <alexander@sulfrian.net> 2010-04-27 14:00:46 +0200
committer: Alexander Sulfrian <alexander@sulfrian.net> 2010-04-27 14:00:46 +0200
commit: 69a204936c1e26830d623c4023edc816400b4ed7 (patch)
tree: 9a31f4b45fbe9e857dcd8b5b9084c22fc37efdb9
parent: 97cd701fcb7a3a9db0b663e252661c1637b2cc08 (diff)
download: etherpad-69a204936c1e26830d623c4023edc816400b4ed7.tar.gz
etherpad-69a204936c1e26830d623c4023edc816400b4ed7.tar.xz
etherpad-69a204936c1e26830d623c4023edc816400b4ed7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/etherpad/src/static/js/broadcast_slider.js b/etherpad/src/static/js/broadcast_slider.js
index 255d7f2..371663e 100644
--- a/etherpad/src/static/js/broadcast_slider.js
+++ b/etherpad/src/static/js/broadcast_slider.js
@@ -138,7 +138,7 @@ var global = this;
         swatchtd.append(swatch);
         tr.append(swatchtd);
         var nametd = $('<td></td>');
-        nametd.html(author.name || "unnamed");
+        nametd.text(author.name || "unnamed");
         tr.append(nametd);
         $("#authorstable").append(tr);
       } else {
@@ -398,4 +398,4 @@ var global = this;
 
 BroadcastSlider.onSlider(function(loc) {
   $("#viewlatest").html(loc==BroadcastSlider.getSliderLength()?"Viewing latest content":"View latest content");
-})
-\ No newline at end of file
+})
author	Alexander Sulfrian <alexander@sulfrian.net>	2010-04-27 14:00:46 +0200
committer	Alexander Sulfrian <alexander@sulfrian.net>	2010-04-27 14:00:46 +0200
commit	69a204936c1e26830d623c4023edc816400b4ed7 (patch)
tree	9a31f4b45fbe9e857dcd8b5b9084c22fc37efdb9
parent	97cd701fcb7a3a9db0b663e252661c1637b2cc08 (diff)
download	etherpad-69a204936c1e26830d623c4023edc816400b4ed7.tar.gz etherpad-69a204936c1e26830d623c4023edc816400b4ed7.tar.xz etherpad-69a204936c1e26830d623c4023edc816400b4ed7.zip