From e24bd2c0e33f642e8fdbc0d6b6a52dc6624d0d9a Mon Sep 17 00:00:00 2001
From: Mikica Ivosevic
Date: Thu, 30 Jul 2015 18:53:20 +0200
Subject: [PATCH] Update index.js, fix outgoing XSS Fix XSS on /outgoing route
---
 src/controllers/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 25e0b7f1ee..f08d696765 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -181,7 +181,7 @@ Controllers.robots = function (req, res) {
 Controllers.outgoing = function(req, res, next) {
 var url = req.query.url,
 data = {
- url: url,
+ url: validator.escape(url),
 title: meta.config.title,
 breadcrumbs: helpers.buildBreadcrumbs([{text: '[[notifications:outgoing_link]]'}])
 };
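Review bot: `validator.escape(url)` in `Controllers.outgoing` neutralises HTML metacharacters but constrains neither the URL scheme nor the type of `req.query.url`, so the value handed to the template is still caller-chosen in every other respect. If the outgoing template places `data.url` in an `href` (the template is not visible here), a non-http scheme would survive escaping, and a repeated or bracketed `url` parameter may arrive as an array or object rather than a string, depending on the query parser. I would add a guard before building `data`, for example `if (typeof url !== 'string' || !/^https?:\/\//i.test(url)) { return next(); }`, and keep the escape for the display context. The function body continues past the end of this hunk and the `validator` require is outside it, so confirm the module is already in scope in this file.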