Escape event titles in year view.

author Jan Schneider <jan@horde.org>

Fri, 9 Oct 2009 16:11:52 +0000 (18:11 +0200)

committer Jan Schneider <jan@horde.org>

Mon, 12 Oct 2009 16:18:33 +0000 (18:18 +0200)
author Jan Schneider <jan@horde.org>
Fri, 9 Oct 2009 16:11:52 +0000 (18:11 +0200)
committer Jan Schneider <jan@horde.org>
Mon, 12 Oct 2009 16:18:33 +0000 (18:18 +0200)
diff --git a/kronolith/js/kronolith.js b/kronolith/js/kronolith.js

index 39147bf..3323732 100644 (file)
--- a/kronolith/js/kronolith.js
+++ b/kronolith/js/kronolith.js
@@ -925,7 +925,7 @@ KronolithCore = {
                      } else {
                          title += event.value.start.toString('t') + '-' + event.value.end.toString('t');
                      }
-                    title += ': ' + event.value.t;
+                    title += ': ' + event.value.t.escapeHTML();
                      if (event.value.x == Kronolith.conf.status.tentative ||
                          event.value.x == Kronolith.conf.status.confirmed) {
                              busy = true;
author	Jan Schneider <jan@horde.org>
	Fri, 9 Oct 2009 16:11:52 +0000 (18:11 +0200)
committer	Jan Schneider <jan@horde.org>
	Mon, 12 Oct 2009 16:18:33 +0000 (18:18 +0200)