From c5349c360f2b97bec763977735d650efe04b0b01 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 8 Aug 2009 22:45:56 +0000
Subject: [PATCH 1/1] Escape usernames. Closes #2149.
---
 app/views/user/_friend_map.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/user/_friend_map.html.erb b/app/views/user/_friend_map.html.erb
index 72f02bd61..75303f10d 100644
--- a/app/views/user/_friend_map.html.erb
+++ b/app/views/user/_friend_map.html.erb
@@ -2,7 +2,7 @@
 <% if !@user.home_lat.nil? and !@user.home_lon.nil? %>
 <% if !@user.nearby.empty? %>
 <% @user.nearby.each do |nearby| %>
- <% nearest_str += "nearest.push( { 'display_name' : '#{nearby.display_name}', 'home_lat' : #{nearby.home_lat}, 'home_lon' : #{nearby.home_lon} } );\n" %>
+ <% nearest_str += "nearest.push( { 'display_name' : '#{escape_javascript(nearby.display_name)}', 'home_lat' : #{nearby.home_lat}, 'home_lon' : #{nearby.home_lon} } );\n" %>
 <% end %>
 <% end %>
 <% end %>
--
2.43.2
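Review bot: `escape_javascript` on the changed `nearest_str` line only makes `display_name` safe inside the single-quoted JavaScript string literal; it does not HTML-encode the value, so any script that later writes `display_name` into the page as markup (a marker popup, for instance; that code is not in this hunk) still has to encode it at that point. How `nearest_str` is emitted is also outside the hunk; if it lands inside an inline `<script>` element, it is worth confirming that the Rails version in use also rewrites `</` in `escape_javascript`, so that the value cannot terminate the script block. A short ERB comment above the line, such as `<%# display_name is user-controlled: JS-escaped here, must be HTML-escaped again wherever it is rendered %>`, would keep that contract visible. The same line interpolates `home_lat` and `home_lon` unquoted, which is fine for numeric columns but yields invalid script if either is nil for a nearby user.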