From 69a204936c1e26830d623c4023edc816400b4ed7 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian
Date: Tue, 27 Apr 2010 14:00:46 +0200
Subject: Fixed a a serious Security Bug, HTML injection! (see: http://github.com/Pita/pad/commit/6f0061961975df9a0c3ebab68386d8d65b706959)
---
 etherpad/src/static/js/broadcast_slider.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/etherpad/src/static/js/broadcast_slider.js b/etherpad/src/static/js/broadcast_slider.js
index 255d7f2..371663e 100644
--- a/etherpad/src/static/js/broadcast_slider.js
+++ b/etherpad/src/static/js/broadcast_slider.js
@@ -138,7 +138,7 @@ var global = this;
 swatchtd.append(swatch);
 tr.append(swatchtd);
 var nametd = $('');
- nametd.html(author.name || "unnamed");
+ nametd.text(author.name || "unnamed");
 tr.append(nametd);
 $("#authorstable").append(tr);
 } else {
@@ -398,4 +398,4 @@ var global = this;
 BroadcastSlider.onSlider(function(loc) {
 $("#viewlatest").html(loc==BroadcastSlider.getSliderLength()?"Viewing latest content":"View latest content");
-})
\ No newline at end of file
+})
-- cgit v1.2.3
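Review bot: The switch to `.text()` on the `nametd` line closes this one sink, but nothing in the hunk records why it must stay that way, so a later edit could reintroduce `.html()` with `author.name`, which is user-chosen. I would add a comment above it such as `// author.name is user-supplied; render as text, never as markup`. The enclosing function starts before the hunk and continues past `} else {`, so any other places that render author data, including whatever the else branch does, are not visible here and should be checked for the same pattern. The `.html()` call in the second hunk only receives constant strings, so it needs no change.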