From 92dbee9efc93a30baa4a17cf2f96e5cb5daa05b3 Mon Sep 17 00:00:00 2001
From: Benjamin Kellermann
Date: Fri, 5 Oct 2012 21:20:53 +0200
Subject: XSS fix (thanks to Nico Suhl)

---
 timestring.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 (limited to 'timestring.rb')

diff --git a/timestring.rb b/timestring.rb
index 387aba3..f61e631 100644
--- a/timestring.rb
+++ b/timestring.rb
@@ -73,7 +73,7 @@ class TimeString
 if @time
 "#{@date} #{time_to_s}"
 else
- @date.to_s
+ CGI.escapeHTML(@date.to_s)
 end
 end
 def inspect
--
cgit v1.2.3
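Review bot: The first branch of this conditional, `"#{@date} #{time_to_s}"`, still returns `@date` unescaped, so the fix only covers the case where `@time` is unset. The hunk does not show how `@date` and `@time` are assigned; if `@date` can hold a raw request string while `@time` is set, that branch needs the same treatment, e.g. `"#{CGI.escapeHTML(@date.to_s)} #{time_to_s}"`, and `time_to_s` should be checked in the same way. Escaping inside the string conversion also means that any caller using the result outside HTML, or escaping it again at render time, gets entity-encoded or double-escaped text. A comment above the method such as `# Returns HTML-escaped text; callers must not escape it again` would make that contract visible. The method's `def` line is above the hunk, and a `require 'cgi'` is not visible here, so confirm that `CGI` is loaded in this file.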