From ef9f53f8611a3d733300f2e65bd9e7d0a3eb1a65 Mon Sep 17 00:00:00 2001
From: Kai Krueger
Date: Wed, 10 Mar 2010 08:38:53 +0000
Subject: [PATCH] Escape javascript in output
---
 app/views/map_bugs/get_bugs.js.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/map_bugs/get_bugs.js.erb b/app/views/map_bugs/get_bugs.js.erb
index 0364587df..5bc9aafda 100644
--- a/app/views/map_bugs/get_bugs.js.erb
+++ b/app/views/map_bugs/get_bugs.js.erb
@@ -2,6 +2,6 @@
 <% else %>
 <% @bugs.each do |bug| %>
-putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= bug.flatten_comment("
") %>', <%= (bug.status=="open"?"0":"1") %> );
+putAJAXMarker(<%= bug.id.to_s %> , <%= bug.lon.to_s %> , <%= bug.lat.to_s %> , '<%= escape_javascript(bug.flatten_comment("
")) %>', <%= (bug.status=="open"?"0":"1") %> );
 <% end %>
 <% end %>
\ No newline at end of file
-- 
2.43.2
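Review bot: On the new `putAJAXMarker(...)` line, `escape_javascript` only makes the comment safe inside the single-quoted JavaScript string literal; it does not HTML-escape the text. If `putAJAXMarker` writes that argument into the page as markup (which seems likely, since `flatten_comment` is handed a separator to join the comments with, but neither function is visible here), user-supplied comment text can still reach the popup as tags. Escaping the whole result with `h` would also escape the separator, so the HTML escaping has to be applied to each comment body before joining, inside `flatten_comment`, which is outside this hunk. Until that is confirmed I would record the contract next to the call with `<%# comment is JS-escaped only; flatten_comment must HTML-escape each comment body %>`.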