From 5925c93d3d9aa4a7a6865adcd6cb89efa534014c Mon Sep 17 00:00:00 2001
From: matthew
Date: Mon, 26 Sep 2016 21:35:13 +0200
Subject: [PATCH] Update common.js Fixing XSS problem
---
 src/js/common.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/js/common.js b/src/js/common.js
index 79b2eb3..9935210 100644
--- a/src/js/common.js
+++ b/src/js/common.js
@@ -49,7 +49,7 @@ var HeaderSDK = {
 .append($(document.createElement("input"))
 .attr("type", "text")
 .attr("name", "description")
- .val(this.model.get("description"))
+ .val(escape(this.model.get("description")))
 .addClass("options-header-input"))
 .addClass("options-header-cell");
@@ -58,7 +58,7 @@ var HeaderSDK = {
 .append($(document.createElement("input"))
 .attr("type", "text")
 .attr("name", "header")
- .val(this.model.get("header"))
+ .val(escape(this.model.get("header")))
 .addClass("options-header-input"))
 .addClass("options-header-cell");
@@ -67,7 +67,7 @@ var HeaderSDK = {
 .append($(document.createElement("input"))
 .attr("type", "text")
 .attr("name", "value")
- .val(this.model.get("value"))
+ .val(escape(this.model.get("value")))
 .addClass("options-header-input"))
 .addClass("options-header-cell");
@@ -75,7 +75,7 @@ var HeaderSDK = {
 .append($(document.createElement("input"))
 .attr("type", "checkbox")
 .attr("name", "active")
- .prop("checked", this.model.get("active"))
+ .prop("checked", escape(this.model.get("active")))
 .addClass("options-header-checkbox"))
 .addClass("");
@@ -105,7 +105,7 @@ var HeaderSDK = {
 var $input = $(event.target);
 var name = $input.attr("name");
- var value = $input.val();
+ var value = escape($input.val());
 var data = {};
 data[name] = value;
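Review bot: `escape()` in the three `.val(...)` calls (the hunk at -49 and the ones at -58 and -67) is the legacy percent-encoding function, not an HTML escaper, and jQuery's `.val()` assigns the input's value property, which the browser does not parse as markup. The call therefore adds no XSS protection at these lines, and it makes the text boxes show percent-encoded text (for example `%20` for a space) instead of what was stored. I would keep `.val(this.model.get("description"))` (likewise for `header` and `value`) and apply HTML encoding at whichever sink actually writes these fields as markup, which is not visible in this patch. The chained expressions begin outside each hunk.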
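Review bot: In the hunk at -75, `escape(this.model.get("active"))` returns a string, so a stored `false` becomes `"false"`, which is truthy, and the checkbox would render as checked whatever the model holds. A boolean passed to `.prop("checked", ...)` is not an injection path, so the wrapper only introduces the regression. Pass an explicit boolean instead: `.prop("checked", Boolean(this.model.get("active")))`.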
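Review bot: In the hunk at -105, encoding `$input.val()` before it is placed in `data` means the model stores percent-encoded text, and since the render path in this same patch encodes again, every edit-and-redisplay cycle would turn `%` into `%25`. If these fields are later used as the real header name and value (inferred from the `HeaderSDK` name, not shown here), the stored form would also differ from what the user typed. Keep the model raw with `var value = $input.val();`, validate the value there if required, and encode only at the point of output. The handler's body starts and ends outside the hunk.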