1
0
mirror of https://github.com/wbbaddons/Tims-Chat.git synced 2024-12-22 21:40:08 +00:00

Escaping HTML in userlist

This commit is contained in:
Tim Düsterhus 2012-07-01 13:59:14 +02:00
parent a2c7691e46
commit 2f664ceccc

View File

@ -366,7 +366,7 @@ window.console ?=
li.addClass 'timsChatAway' li.addClass 'timsChatAway'
li.attr 'title', user.awayStatus li.attr 'title', user.awayStatus
li.data 'username', user.username li.data 'username', user.username
a = $ '<a href="javascript:;">'+user.username+'</a>' a = $ '<a href="javascript:;">' + WCF.String.escapeHTML(user.username) + '</a>'
a.click $.proxy (event) -> a.click $.proxy (event) ->
event.preventDefault() event.preventDefault()
@toggleUserMenu $ event.target @toggleUserMenu $ event.target