From 913d9d3f37a8ec9702abaf50410ca1ac126e094a Mon Sep 17 00:00:00 2001
From: Mike Gelfand
Date: Fri, 23 Feb 2018 22:37:20 +0300
Subject: [PATCH] HTML-escape torrent name displayed in trackers inspector tab

This will prevent injection of arbitrary HTML when multiple torrents are selected. Follow-up to the previous commit.
---
 web/javascript/inspector.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/javascript/inspector.js b/web/javascript/inspector.js
index 917334dd3..419ad263b 100644
--- a/web/javascript/inspector.js
+++ b/web/javascript/inspector.js
@@ -716,7 +716,7 @@ function Inspector(controller) {
 html.push ('
');
 if (torrents.length > 1)
- html.push('
', tor.getName(), '
');
+ html.push('
', sanitizeText(tor.getName()), '
');
 tier = -1;
 trackers = tor.getTrackers();
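Review bot: The escaped label on the `+` line is only one of the values this loop joins into `html`; the fields read from `tor.getTrackers()` just below also come from the torrent and its trackers, and the hunk does not show whether they are escaped before being pushed. The loop continues outside the hunk, so that has to be checked there. Because every `html.push` call site must remember `sanitizeText` on its own, a comment above the loop would help, e.g. `// everything pushed into html below is torrent- or tracker-supplied; wrap it in sanitizeText()`. `sanitizeText` is defined elsewhere; encoding `&`, `<` and `>` is sufficient here only because the name appears to land in element content rather than inside an attribute value.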