fix sa mall possible xss in personImage handlebar helpers if the attacker had...

fix sa mall possible xss in personImage handlebar helpers if the attacker had access to your root domain. fixes #3392

fix sa mall possible xss in personImage handlebar helpers if the attacker had...
d3487c8b · Maxwell Salzberg · ab28c536 · d3487c8b
--- a/app/assets/javascripts/app/helpers/handlebars-helpers.js
+++ b/app/assets/javascripts/app/helpers/handlebars-helpers.js
@@ -22,5 +22,5 @@ Handlebars.registerHelper('personImage', function(person, size, imageClass) {
  size = (typeof(size) != "string" ? "small" : size);
  imageClass = (typeof(imageClass) != "string" ? size : imageClass);
-  return "<img src=\"" + person.avatar[size] +"\" class=\"avatar " + imageClass + "\" title=\"" + person.name +"\" />";
+  return "<img src=\"" + person.avatar[size] +"\" class=\"avatar " + imageClass + "\" title=\"" + _.escape(person.name) +"\" />";
 })