From c4fcef52ce22c028b0ec2b80a7f2cbff775b7caa Mon Sep 17 00:00:00 2001
From: Jan Schneider <jan@horde.org>
Date: Fri, 9 Oct 2009 18:11:52 +0200
Subject: [PATCH] Escape event titles in year view.

---
 kronolith/js/kronolith.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kronolith/js/kronolith.js b/kronolith/js/kronolith.js
index 39147bf0c..332373243 100644
--- a/kronolith/js/kronolith.js
+++ b/kronolith/js/kronolith.js
@@ -925,7 +925,7 @@ KronolithCore = {
                     } else {
                         title += event.value.start.toString('t') + '-' + event.value.end.toString('t');
                     }
-                    title += ': ' + event.value.t;
+                    title += ': ' + event.value.t.escapeHTML();
                     if (event.value.x == Kronolith.conf.status.tentative ||
                         event.value.x == Kronolith.conf.status.confirmed) {
                             busy = true;
-- 
2.11.0