From 019746068992d03c1bbf4f46282a552552ea9e0c Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?=
 <avarab@gmail.com>
Date: Tue, 29 Sep 2009 09:23:11 +0000
Subject: [PATCH] Escape user-supplied JavaScript. Fixes
 http://lists.openstreetmap.org/pipermail/talk/2009-September/042846.ht

---
 app/views/site/edit.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb
index 948b1fad5..d3258c9cf 100644
--- a/app/views/site/edit.html.erb
+++ b/app/views/site/edit.html.erb
@@ -65,7 +65,7 @@ zoom='14' if zoom.nil?
   
   window.onbeforeunload=function() {
     if (!changesaved) {
-      return "<%= t 'site.edit.potlatch_unsaved_changes' %>";
+      return '#{escape_javascript(t('site.edit.potlatch_unsaved_changes'))}';
     }
   }
 
-- 
2.43.2