From 6c852a849ae5c5375ba8ac0207c8c86e8bf0c148 Mon Sep 17 00:00:00 2001
From: PangeaCake <PangeaCake@users.noreply.github.com>
Date: Wed, 21 Jan 2015 19:04:01 -0800
Subject: [PATCH] Prevent HTML injection through /topic!!!!

Really big security issue here.
---
 src/plugins/irc-events/topic.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/irc-events/topic.js b/src/plugins/irc-events/topic.js
index 9814b1a..779360b 100644
--- a/src/plugins/irc-events/topic.js
+++ b/src/plugins/irc-events/topic.js
@@ -29,7 +29,7 @@ module.exports = function(irc, network) {
 		chan.topic = topic
 		client.emit("topic", {
 			chan: chan.id,
-			topic: topic
+			topic: _.escape(topic)
 		});
 	});
 };