Merge pull request #396 from isymchych/fix-username-xss

Escape html from username.
This commit is contained in:
yanas 2015-11-05 10:06:05 -06:00
commit a3264ce6b7
1 changed files with 2 additions and 0 deletions

View File

@ -130,6 +130,8 @@ LocalVideo.prototype.setDisplayName = function(displayName, key) {
}; };
LocalVideo.prototype.inputDisplayNameHandler = function (name) { LocalVideo.prototype.inputDisplayNameHandler = function (name) {
name = UIUtil.escapeHtml(name);
NicknameHandler.setNickname(name); NicknameHandler.setNickname(name);
var localDisplayName = $('#localDisplayName'); var localDisplayName = $('#localDisplayName');