From d9ecfa3bd4f2185f03f9f3f50cdd08c8fdae734a Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sun, 13 Apr 2014 15:24:35 +0200
Subject: Also encode > and '

---
 core/js/js.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/js/js.js')

diff --git a/core/js/js.js b/core/js/js.js
index 80e9ac3f949..eba73bc24ea 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -151,7 +151,7 @@ function n(app, text_singular, text_plural, count, vars) {
 * @return Sanitized string
 */
 function escapeHTML(s) {
-	return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
+	return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
 }
 
 /**
-- 
cgit v1.2.3