From 5f47f2226ac3d837ca475975da867c6aae7a88e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 11 Dec 2014 03:09:09 -0500
Subject: [PATCH] escape topic title and category name

---
 src/middleware/middleware.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 7ab5edb709..647fe4d007 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -212,7 +212,7 @@ middleware.buildBreadcrumbs = function(req, res, next) {
 					}
 
 					breadcrumbs.unshift({
-						text: data.name,
+						text: validator.escape(data.name),
 						url: nconf.get('relative_path') + '/category/' + data.slug
 					});
 
@@ -242,7 +242,7 @@ middleware.buildBreadcrumbs = function(req, res, next) {
 	if (req.params.topic_id) {
 		topics.getTopicFields(parseInt(req.params.topic_id, 10), ['cid', 'title', 'slug'], function(err, data) {
 			breadcrumbs.unshift({
-				text: data.title,
+				text: validator.escape(data.title),
 				url: nconf.get('relative_path') + '/topic/' + data.slug
 			});