From e21e3498f70c749d89b267ff1c002edc5a997a20 Mon Sep 17 00:00:00 2001
From: Eduard Urbach
Date: Mon, 5 Nov 2018 12:55:12 +0900
Subject: [PATCH] Sanitize title input for activities
---
 pages/activity/activity.pixy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pages/activity/activity.pixy b/pages/activity/activity.pixy
index 916ddc9e..df7c2c95 100644
--- a/pages/activity/activity.pixy
+++ b/pages/activity/activity.pixy
@@ -13,4 +13,4 @@ component ActivityPost(post *arn.Post, user *arn.User) //- span commented on //- a(href=post.Parent().Link())= post.Parent().TitleByUser(user)
- Postable(post, user, fmt.Sprintf(`

%s

`, post.Parent().Link(), post.Parent().TitleByUser(user)), "")
\ No newline at end of file
+ Postable(post, user, fmt.Sprintf(`

%s

`, post.Parent().Link(), html.EscapeString(post.Parent().TitleByUser(user))), "")
\ No newline at end of file
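Review bot: Only the title argument is escaped in the new `Postable(...)` call; `post.Parent().Link()` is still interpolated raw into the `fmt.Sprintf` markup. The markup inside the backticks is not visible in this hunk, but the commented-out `a(href=post.Parent().Link())` line above suggests the first `%s` lands in an `href` attribute, so I would pass `html.EscapeString(post.Parent().Link())` as well unless `Link()` is known to be built only from server-generated IDs. A one-line comment above the call would help the next editor, e.g. `//- HTML is assembled by hand here, so every interpolated value must be escaped explicitly`, since the template engine's own escaping presumably does not apply to a pre-formatted string. The hunk shows no import change, so confirm that `html` is in scope for this template.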