From: Kai Krueger
Date: Wed, 10 Mar 2010 08:38:53 +0000 (+0000)
Subject: Escape javascript in output
X-Git-Tag: live~5064^2~231
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/ef9f53f8611a3d733300f2e65bd9e7d0a3eb1a65
Escape javascript in output
---
diff --git a/app/views/map_bugs/get_bugs.js.erb b/app/views/map_bugs/get_bugs.js.erb
index 0364587df..5bc9aafda 100644
--- a/app/views/map_bugs/get_bugs.js.erb
+++ b/app/views/map_bugs/get_bugs.js.erb
@@ -2,6 +2,6 @@
 <% else %>
 <% @bugs.each do |bug| %>
-putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= bug.flatten_comment("
") %>', <%= (bug.status=="open"?"0":"1") %> );
+putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= escape_javascript(bug.flatten_comment("
")) %>', <%= (bug.status=="open"?"0":"1") %> );
 <% end %>
 <% end %>
\ No newline at end of file
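Review bot: `escape_javascript` on the added `putAJAXMarker` line only makes the comment safe inside the single-quoted JavaScript string; it does not HTML-escape it, so markup in a user-supplied comment still reaches the client intact. The separator passed to `flatten_comment` looks like an HTML break (it rendered as a line break on this page), which suggests the client inserts this string as HTML. If so, each comment's text should be HTML-escaped before it is joined, inside `flatten_comment` or with `h` per comment, leaving only the separator as markup. `flatten_comment` and `putAJAXMarker` are not visible here, and the `if` that this `else` belongs to starts above the hunk, so this should be confirmed against them. A short comment above the line such as `<%# comment text is JS-escaped here; HTML-escaping must happen in flatten_comment or in putAJAXMarker %>` would record which layer owns which escaping.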