diff options
| author | Peter Martischka <petermartischka@googlemail.com> | 2010-04-11 22:22:36 +0200 |
|---|---|---|
| committer | Peter Martischka <pita@pitapoison.de> | 2010-04-11 22:22:36 +0200 |
| commit | 6f0061961975df9a0c3ebab68386d8d65b706959 (patch) | |
| tree | 41b4525f8385f1bfa54a0e5b2e570145f04f3f24 | |
| parent | a51a2c6574145d4dcf05fb6e0f2657cb08aa4a72 (diff) | |
| download | etherpad-6f0061961975df9a0c3ebab68386d8d65b706959.tar.gz etherpad-6f0061961975df9a0c3ebab68386d8d65b706959.tar.xz etherpad-6f0061961975df9a0c3ebab68386d8d65b706959.zip | |
Fixed a a serious Security Bug, HTML injection!
| -rw-r--r-- | etherpad/src/static/js/broadcast_slider.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etherpad/src/static/js/broadcast_slider.js b/etherpad/src/static/js/broadcast_slider.js index 255d7f2..8977e3d 100644 --- a/etherpad/src/static/js/broadcast_slider.js +++ b/etherpad/src/static/js/broadcast_slider.js @@ -138,7 +138,7 @@ var global = this; swatchtd.append(swatch); tr.append(swatchtd); var nametd = $('<td></td>'); - nametd.html(author.name || "unnamed"); + nametd.text(author.name || "unnamed"); tr.append(nametd); $("#authorstable").append(tr); } else { |