From 663a5a0e7cc5a73d5325a01775ec48563bf0de60 Mon Sep 17 00:00:00 2001
From: Florian Staudacher
Date: Fri, 24 Feb 2012 14:09:54 +0100
Subject: [PATCH] escape all passed params in js - fixes #2922
---
 app/views/status_messages/bookmarklet.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/status_messages/bookmarklet.html.haml b/app/views/status_messages/bookmarklet.html.haml
index 04e5d41bd..2ce78d895 100644
--- a/app/views/status_messages/bookmarklet.html.haml
+++ b/app/views/status_messages/bookmarklet.html.haml
@@ -47,7 +47,7 @@
 window.setTimeout(window.close, 2000, true);
 });
- var contents = "#{params[:title]} - #{params[:url]}";
+ var contents = "#{escape_javascript params[:title]} - #{escape_javascript params[:url]}";
 var notes = "#{escape_javascript params[:notes]}";
 if (notes.length > 0){
 contents = contents + " - " + notes;
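Review bot: The new `var contents` line escapes `params[:title]` and `params[:url]` only for the JavaScript string-literal context, and the place where `contents` is finally used lies below the hunk. It is worth confirming that it ends up as plain text (a form value or text node) rather than as HTML, where JS-escaping alone would not be sufficient. The patch changes only the view, so a view or request spec that renders the bookmarklet with a quote character and a closing script tag in `title` and `url`, and asserts the escaped output, would keep this from regressing. Since `notes` was already escaped while the two neighbouring values were missed, I would also add a comment above the `var contents` line, `// every params[...] value interpolated into this script must go through escape_javascript`. The `if (notes.length > 0){` block continues outside the hunk.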