escape url

7 years ago · 742ddd358b
parent 70c19ff546
commit 742ddd358b
1 changed files with 1 additions and 1 deletions
--- a/public/src/modules/pictureCropper.js
+++ b/public/src/modules/pictureCropper.js
@ -33,7 +33,7 @@ define('pictureCropper', ['translator', 'cropper', 'benchpress'], function (tran
 	module.handleImageCrop = function (data, callback) {
 		$('#crop-picture-modal').remove();
 		Benchpress.parse('modals/crop_picture', {
-			url: data.url,
+			url: utils.escapeHTML(data.url),
 		}, function (cropperHtml) {
 			translator.translate(cropperHtml, function (translated) {
 				var cropperModal = $(translated);