From d549ab359250b710926f5c48f6f085db71c02de9 Mon Sep 17 00:00:00 2001
From: rlx <rlx@rolux.org>
Date: Sun, 17 Jan 2016 15:53:50 +0530
Subject: [PATCH] fix another xss vuln

---
 static/js/transfersPanel.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/static/js/transfersPanel.js b/static/js/transfersPanel.js
index ef5b3cf..227ab67 100644
--- a/static/js/transfersPanel.js
+++ b/static/js/transfersPanel.js
@@ -14,7 +14,9 @@ oml.ui.transfersPanel = function() {
                     align: Ox.contains([
                         'size', 'transferprogress'
                     ], id) ? 'right' : 'left',
-                    format: key.format,
+                    format: function(value) {
+                        return Ox.encodeHTMLEntities(key.format(value));
+                    },
                     id: id,
                     operator: oml.getSortOperator(id),
                     title: Ox._(key.title),