From 390dfa210db395dc2c5b36512679835ab4a9f965 Mon Sep 17 00:00:00 2001
From: Pieter Hooimeijer <pieter@fb.com>
Date: Thu, 13 Sep 2012 12:18:52 -0700
Subject: [PATCH] fix ponder escaping issue

Summary: Question titles were not escaped; now they are.

Test Plan: Observe the escaping.

Reviewers: epriestley

Reviewed By: epriestley

CC: nh, aran, Korvin

Differential Revision: https://secure.phabricator.com/D3490
---
 src/applications/ponder/view/PonderQuestionDetailView.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/applications/ponder/view/PonderQuestionDetailView.php b/src/applications/ponder/view/PonderQuestionDetailView.php
index f23c628b10..a9326e724a 100644
--- a/src/applications/ponder/view/PonderQuestionDetailView.php
+++ b/src/applications/ponder/view/PonderQuestionDetailView.php
@@ -46,7 +46,9 @@ final class PonderQuestionDetailView extends AphrontView {
 
     $panel = id(new AphrontPanelView())
       ->addClass("ponder-panel")
-      ->setHeader($this->renderObjectLink().' '.$question->getTitle());
+      ->setHeader(
+        $this->renderObjectLink().' '.
+        phutil_escape_html($question->getTitle()));
 
     $contentview = new PonderPostBodyView();
     $contentview