From a400e5de818d13e4a435b9346a9bbf795fad3fc7 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Tue, 25 Mar 2014 12:23:55 -0400
Subject: [PATCH] #1269

---
 src/categories.js        | 3 +++
 src/controllers/admin.js | 4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/categories.js b/src/categories.js
index 1dc3afdaf0..b9118aeb34 100644
--- a/src/categories.js
+++ b/src/categories.js
@@ -11,6 +11,7 @@ var db = require('./database'),
 	CategoryTools = require('./categoryTools'),
 	meta = require('./meta'),
 	emitter = require('./emitter'),
+	validator = require('validator'),
 
 	async = require('async'),
 	winston = require('winston'),
@@ -247,6 +248,8 @@ var db = require('./database'),
 
 			for (var i=0; i<categories.length; ++i) {
 				if (categories[i]) {
+					categories[i].name = validator.escape(categories[i].name);
+					categories[i].description = validator.escape(categories[i].description);
 					categories[i].backgroundImage = categories[i].image ? nconf.get('relative_path') + categories[i].image : '';
 					categories[i].disabled = categories[i].disabled ? parseInt(categories[i].disabled, 10) !== 0 : false;
 				}
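Review bot: The two added `validator.escape` calls run on `name` and `description` without checking that the stored values are strings, so a category saved without a description may throw or render as the text "undefined", depending on how the installed validator version coerces its input. A guard such as `categories[i].description = validator.escape(String(categories[i].description || ''));` (and the same for `name`) keeps the output encoding while tolerating missing fields. The next line still builds `backgroundImage` from the unescaped `image` value; whether that matters depends on how the templates emit it, which is not visible here. Because these objects are now HTML-encoded at read time, a short comment such as `// name/description are HTML-escaped here; do not escape again or write them back to the database` would warn callers about double encoding. The enclosing loop and function begin and end outside the hunk.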
diff --git a/src/controllers/admin.js b/src/controllers/admin.js
index 0cc98bbd25..97f6efdc42 100644
--- a/src/controllers/admin.js
+++ b/src/controllers/admin.js
@@ -55,10 +55,6 @@ function filterAndRenderCategories(req, res, next, active) {
 			return active ? !category.disabled : category.disabled;
 		});
 
-		data.categories.forEach(function(category) {
-			category.description = validator.escape(category.description);
-		});
-
 		res.render('admin/categories', data);
 	});
 }