From 5f47f2226ac3d837ca475975da867c6aae7a88e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Thu, 11 Dec 2014 03:09:09 -0500 Subject: [PATCH] escape topic title and category name --- src/middleware/middleware.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js index 7ab5edb709..647fe4d007 100644 --- a/src/middleware/middleware.js +++ b/src/middleware/middleware.js @@ -212,7 +212,7 @@ middleware.buildBreadcrumbs = function(req, res, next) { } breadcrumbs.unshift({ - text: data.name, + text: validator.escape(data.name), url: nconf.get('relative_path') + '/category/' + data.slug }); @@ -242,7 +242,7 @@ middleware.buildBreadcrumbs = function(req, res, next) { if (req.params.topic_id) { topics.getTopicFields(parseInt(req.params.topic_id, 10), ['cid', 'title', 'slug'], function(err, data) { breadcrumbs.unshift({ - text: data.title, + text: validator.escape(data.title), url: nconf.get('relative_path') + '/topic/' + data.slug });