Escape input on friendy_name change.

2015-12-06 14:39:50 +02:00
parent b0fa0d534e
commit e00c23bc49
1 changed files with 1 additions and 1 deletions
--- a/data/interfaces/default/edit_user.html
+++ b/data/interfaces/default/edit_user.html
@@ -115,7 +115,7 @@ DOCUMENTATION :: END
                success: function(data) {
                    $("#edit-user-status-message").html(data);
                    if ($.trim(friendly_name) !== '') {
-                        $(".set-username").html(friendly_name);
+                        $('.set-username').html(document.createTextNode(friendly_name));
                    }
                    $("#user-profile-thumb").attr('src', thumb);
                }