From 8cee54c446ea4473eeae7ad2ddc93c7beae1819b Mon Sep 17 00:00:00 2001
From: matthew <properties@users.noreply.github.com>
Date: Mon, 26 Sep 2016 21:36:27 +0200
Subject: [PATCH] Update options.js

Fixing XSS problem
---
 src/js/options.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/js/options.js b/src/js/options.js
index 868603e..b4259e7 100644
--- a/src/js/options.js
+++ b/src/js/options.js
@@ -47,7 +47,7 @@
 
 			this.$createDescription = this.$el.find(".options-headers-create-description");
 			this.$createHeader = this.$el.find(".options-headers-create-header");
-			this.$createValue = this.$el.find(".options-headers-create-value");
+			this.$createValue = escape(this.$el.find(".options-headers-create-value"));
 			this.$createActive = this.$el.find(".options-headers-create-active");
 
 			this.listenTo(this.headers, "add", this.renderSingle);
@@ -73,7 +73,7 @@
 			this.headers.create({
 				description: this.$createDescription.val(),
 				header: this.$createHeader.val(),
-				value: this.$createValue.val(),
+				value: escape(this.$createValue.val()),
 				active: this.$createActive.is(":checked")
 			});