From e00c23bc491cd4fcfd6fcc72b3cc77a2ec52323c Mon Sep 17 00:00:00 2001
From: Tim <timvdwest@gmail.com>
Date: Sun, 6 Dec 2015 14:39:50 +0200
Subject: [PATCH] Escape input on friendy_name change.

---
 data/interfaces/default/edit_user.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/interfaces/default/edit_user.html b/data/interfaces/default/edit_user.html
index 1e19b66e..502ab11a 100644
--- a/data/interfaces/default/edit_user.html
+++ b/data/interfaces/default/edit_user.html
@@ -115,7 +115,7 @@ DOCUMENTATION :: END
                 success: function(data) {
                     $("#edit-user-status-message").html(data);
                     if ($.trim(friendly_name) !== '') {
-                        $(".set-username").html(friendly_name);
+                        $('.set-username').html(document.createTextNode(friendly_name));
                     }
                     $("#user-profile-thumb").attr('src', thumb);
                 }