Skip to content

Commit

Permalink
single message: use _.escapeHTML(…) around the header's properties
Browse files Browse the repository at this point in the history
  • Loading branch information
@Mithgol
Mithgol committed Jul 15, 2014
1 parent 1c6fb15 commit 0d442c7
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions script/1message.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ var outputSingleMessage = function(header, callback){
'<tr>',
'<th class="inverse">From</th>',
'<td>',
decoded.from || '',
_.escapeHTML(decoded.from) || '',
'</td>',
'<td class="origAddr">',
'<i class="fa fa-spinner fa-spin"></i>',
Expand All @@ -234,7 +234,7 @@ var outputSingleMessage = function(header, callback){
'</tr>',
'<tr>',
'<th class="inverse">To</th>',
'<td>' + (decoded.to ||'') + '</td>',
'<td>' + ( _.escapeHTML(decoded.to) ||'') + '</td>',
// decoded.toAddr is traditionally ignored outside of netmail:
'<td></td>', //'<td>' + (decoded.toAddr ||'') + '</td>',
'<td width=1>',
Expand All @@ -252,7 +252,7 @@ var outputSingleMessage = function(header, callback){
'<tr>',
'<th class="inverse">Subj</th>',
'<td colspan=3>',
decoded.subj || '',
_.escapeHTML(decoded.subj) || '',
'</td>',
'</tr>',
'<tr>',
Expand Down

0 comments on commit 0d442c7

Please sign in to comment.