From ab571c6985a4ef68bade13c2bb2e42a2f014e994 Mon Sep 17 00:00:00 2001
From: Victor Shyba
Date: Tue, 3 Feb 2015 14:28:42 -0300
Subject: +@kaofelix, for #173. Fix XSS on suggestions
---
 web-ui/app/js/mail_view/ui/recipients/recipients_input.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'web-ui/app/js/mail_view/ui')
diff --git a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
index 11c1468c..5b3464f6 100644
--- a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
+++ b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
@@ -122,7 +122,10 @@ define([
 highlight: true,
 minLength: 1
 }, {
- source: createEmailCompleter().ttAdapter()
+ source: createEmailCompleter().ttAdapter(),
+ templates: {
+ suggestion: function (o) { return _.escape(o['value']) }
+ }
 });
 };
-- 
cgit v1.2.3
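Review bot: The escaping added in the `suggestion` template has no regression test; the diffstat lists only `recipients_input.js`, so nothing asserts that a contact value containing markup is rendered as text in the dropdown. A spec that feeds the completer such a value and checks the rendered suggestion would keep a later template change or typeahead upgrade from silently reopening the issue. The template also deserves a why-comment, for example `// typeahead inserts the template result as HTML, so the contact value must be escaped here`, and the body reads more cleanly as `return _.escape(o.value);`. The `define([` dependency list and the start of the enclosing function are outside the hunk, so confirm that `_` is declared as a module dependency rather than picked up as a global. The fix covers only the dropdown, so presumably any other place that renders the chosen address needs the same escaping; worth checking.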