From 92b4d10aff738c18dee7e2d8d4d394904ccd6259 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 7 Jul 2016 16:56:21 +0300
Subject: backport xss fix from develop

---
 juick-www/src/webapp/scripts.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'juick-www')

diff --git a/juick-www/src/webapp/scripts.js b/juick-www/src/webapp/scripts.js
index 32427e1e..93594f71 100644
--- a/juick-www/src/webapp/scripts.js
+++ b/juick-www/src/webapp/scripts.js
@@ -76,11 +76,11 @@ function wsIncomingReply(msg) {
         '<div class="msg-menu"><a href="#" onclick="showMessageLinksDialog('+msg.mid+','+msg.rid+'); return false"></a></div>'+
         '<div class="msg-header"><a href="/'+msg.user.uname+'/">@'+msg.user.uname+'</a>:</div>'+
         '<div class="msg-ts"><a href="/'+msg.mid+'#'+msg.rid+'" title="'+msg.timestamp+' GMT">'+msg.timestamp+'</a></div>'+
-        '<div class="msg-txt">'+msg.body+'</div>'+
+        '<div class="msg-txt"></div>'+
         '<div class="msg-links"><a href="#" onclick="return showCommentForm('+msg.mid+','+msg.rid+')">Ответить</a></div>'+
         '<div class="msg-comment" style="display: none"></div>'+
         '</div>');
-    
+    $(li).find('.msg-txt').text(msg.body);
     if(p) {
         li.css('margin-left',parseInt(p.css('margin-left'))+20+'px');
         p.after(li);
-- 
cgit v1.2.3