From fdc2ecd86fe84da13e018b283606aa9b3a8dd0d2 Mon Sep 17 00:00:00 2001 From: isymchych Date: Wed, 4 Nov 2015 17:01:11 +0200 Subject: [PATCH] escape html from username --- modules/UI/videolayout/LocalVideo.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/UI/videolayout/LocalVideo.js b/modules/UI/videolayout/LocalVideo.js index 0a6c49c5b..51fa47d26 100644 --- a/modules/UI/videolayout/LocalVideo.js +++ b/modules/UI/videolayout/LocalVideo.js @@ -130,6 +130,8 @@ LocalVideo.prototype.setDisplayName = function(displayName, key) { }; LocalVideo.prototype.inputDisplayNameHandler = function (name) { + name = UIUtil.escapeHtml(name); + NicknameHandler.setNickname(name); var localDisplayName = $('#localDisplayName');