From ae7e77216e74eb0708bebd76d79fdc2848c22233 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Barrag=C3=A1n=20Merino?=
 <david.barragan@kaleidos.net>
Date: Mon, 13 Oct 2014 13:11:50 +0200
Subject: [PATCH] Escape project.name in invitation page

---
 app/coffee/modules/auth.coffee | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/coffee/modules/auth.coffee b/app/coffee/modules/auth.coffee
index e9b8aaae..2695afc6 100644
--- a/app/coffee/modules/auth.coffee
+++ b/app/coffee/modules/auth.coffee
@@ -364,7 +364,7 @@ InvitationDirective = ($auth, $confirm, $location, $params, $navUrls, $analytics
             $analytics.trackEvent("auth", "invitationAccept", "invitation accept with existing user", 1)
             $location.path($navUrls.resolve("project", {project: $scope.invitation.project_slug}))
             $confirm.notify("success", "You've successfully joined this project",
-                                       "Welcome to #{$scope.invitation.project_name}")
+                                       "Welcome to #{_.escape($scope.invitation.project_name)}")
 
         onErrorSubmitLogin = (response) ->
             $confirm.notify("light-error", "According to our Oompa Loompas, your are not registered yet or
@@ -393,7 +393,7 @@ InvitationDirective = ($auth, $confirm, $location, $params, $navUrls, $analytics
             $analytics.trackEvent("auth", "invitationAccept", "invitation accept with new user", 1)
             $location.path($navUrls.resolve("project", {project: $scope.invitation.project_slug}))
             $confirm.notify("success", "You've successfully joined this project",
-                                       "Welcome to #{$scope.invitation.project_name}")
+                                       "Welcome to #{_.escape($scope.invitation.project_name)}")
 
         onErrorSubmitRegister = (response) ->
             $confirm.notify("light-error", "According to our Oompa Loompas, that