From: Tom Hughes
Date: Sat, 8 Aug 2009 22:45:56 +0000 (+0000)
Subject: Escape usernames. Closes #2149.
X-Git-Tag: live~6733
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/c5349c360f2b97bec763977735d650efe04b0b01?hp=7ac66a371e0338e858c86fac54d5cf41b0e5964f

Escape usernames. Closes #2149.
---

diff --git a/app/views/user/_friend_map.html.erb b/app/views/user/_friend_map.html.erb
index 72f02bd61..75303f10d 100644
--- a/app/views/user/_friend_map.html.erb
+++ b/app/views/user/_friend_map.html.erb
@@ -2,7 +2,7 @@
 <% if !@user.home_lat.nil? and !@user.home_lon.nil? %>
 <% if !@user.nearby.empty? %>
 <% @user.nearby.each do |nearby| %>
- <% nearest_str += "nearest.push( { 'display_name' : '#{nearby.display_name}', 'home_lat' : #{nearby.home_lat}, 'home_lon' : #{nearby.home_lon} } );\n" %>
+ <% nearest_str += "nearest.push( { 'display_name' : '#{escape_javascript(nearby.display_name)}', 'home_lat' : #{nearby.home_lat}, 'home_lon' : #{nearby.home_lon} } );\n" %>
 <% end %>
 <% end %>
 <% end %>
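Review bot: `escape_javascript` on `nearby.display_name` covers only the JavaScript string-literal context on the added line; how the script later uses the value is not visible in this hunk. If the consuming script writes `display_name` into markup (for example a marker popup), the name still needs HTML escaping at that sink. `home_lat` and `home_lon` remain interpolated unquoted, which is safe only while they are numeric columns; presumably they are, but a short comment would record both assumptions, e.g. `<%# display_name is user-controlled: JS-escaped here, HTML-escape at any DOM sink; home_lat/home_lon must be numeric %>`. The enclosing template continues outside the hunk.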