Prevent HTML injection through /topic!!!!

Really big security issue here.
2024-06-01 21:32:17 +02:00 · 2015-01-21 19:04:01 -08:00 · 2015-01-21 19:04:01 -08:00 · 6c852a849a
parent 890c751bb6
commit 6c852a849a
1 changed files with 1 additions and 1 deletions
--- a/src/plugins/irc-events/topic.js
+++ b/src/plugins/irc-events/topic.js
@ -29,7 +29,7 @@ module.exports = function(irc, network) {
 		chan.topic = topic
 		client.emit("topic", {
 			chan: chan.id,
-			topic: topic
+			topic: _.escape(topic)
 		});
 	});
 };