From a3ca4c81ae20f0179b754a8cd525a6d6fb41d1cd Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Mon, 21 Aug 2017 13:05:18 +0200
Subject: [PATCH] [SECURITY] Fix XSS vulnerability in typeahead.js

---
 src/pretix/static/pretixcontrol/js/ui/typeahead.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pretix/static/pretixcontrol/js/ui/typeahead.js b/src/pretix/static/pretixcontrol/js/ui/typeahead.js
index d640bdbf5d..2ad6bd815f 100644
--- a/src/pretix/static/pretixcontrol/js/ui/typeahead.js
+++ b/src/pretix/static/pretixcontrol/js/ui/typeahead.js
@@ -22,11 +22,11 @@ $(function () {
                             $("<li>").append(
                                 $("<a>").attr("href", res.url).append(
                                     $("<div>").append(
-                                        $("<span>").addClass("event-name-full").append(res.name)
+                                        $("<span>").addClass("event-name-full").append($("<div>").text(res.name).html())
                                     ).append(
                                         $("<span>").addClass("event-organizer").append(
                                             $("<span>").addClass("fa fa-users fa-fw")
-                                        ).append(" ").append(res.organizer)
+                                        ).append(" ").append($("<div>").text(res.organizer).html())
                                     ).append(
                                         $("<span>").addClass("event-daterange").append(
                                             $("<span>").addClass("fa fa-calendar fa-fw")