From d46b83c6025a2c319d4891372b5f1f20174d84e8 Mon Sep 17 00:00:00 2001
From: Lucas Melo <lucaspradomelo@gmail.com>
Date: Fri, 31 May 2013 12:56:19 -0300
Subject: [PATCH] chat.js: escape html tags in messages

---
 public/javascripts/chat.js | 1 +
 1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/public/javascripts/chat.js b/public/javascripts/chat.js
index 6e59864..90488cb 100644
--- a/public/javascripts/chat.js
+++ b/public/javascripts/chat.js
@@ -99,6 +99,7 @@ jQuery(function($) {
      },
 
      render_body_message: function(body) {
+        body = body.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\r?\n/g, '<br>');
         body = $().emoticon(body);
         body = linkify(body, {
            callback: function(text, href) {
--
libgit2 0.21.2