Merge pull request #396 from isymchych/fix-username-xss
Escape html from username.
This commit is contained in:
commit
a3264ce6b7
|
@ -130,6 +130,8 @@ LocalVideo.prototype.setDisplayName = function(displayName, key) {
|
|||
};
|
||||
|
||||
LocalVideo.prototype.inputDisplayNameHandler = function (name) {
|
||||
name = UIUtil.escapeHtml(name);
|
||||
|
||||
NicknameHandler.setNickname(name);
|
||||
|
||||
var localDisplayName = $('#localDisplayName');
|
||||
|
|
Loading…
Reference in New Issue