From 0f60b0cc448551901a4344cc620d0f1990238b8d Mon Sep 17 00:00:00 2001
From: Pieter de Bie <pdebie@ai.rug.nl>
Date: Fri, 26 Sep 2008 00:18:07 +0200
Subject: [PATCH] HTMLView: Escape commit message from HTML entities

---
 html/commit.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/html/commit.js b/html/commit.js
index b7af418..eb4b20e 100644
--- a/html/commit.js
+++ b/html/commit.js
@@ -9,11 +9,11 @@ var Commit = Class.create({
 		var messageStart = this.raw.indexOf("\n\n") + 2;
 
 		if (diffStart > 0) {
-			this.message = this.raw.substring(messageStart, diffStart);
-			this.diff = this.raw.substring(diffStart)
+			this.message = this.raw.substring(messageStart, diffStart).escapeHTML();
+			this.diff = this.raw.substring(diffStart);
 		} else {
-			this.message = this.raw.substring(messageStart)
-			this.diff = ""
+			this.message = this.raw.substring(messageStart).escapeHTML();
+			this.diff = "";
 		}
 		this.header = this.raw.substring(0, messageStart);
 
@@ -119,7 +119,7 @@ var loadCommit = function() {
 	else
 		$("authorID").innerHTML = commit.author_name;
 	$("date").innerHTML = commit.author_date;
-	$("subjectID").innerHTML =CommitObject.subject;
+	$("subjectID").innerHTML =CommitObject.subject.escapeHTML();
 	
 	$A($("commit_header").rows).each(function(row) {
 		if (row.innerHTML.match(/Parent:/))