From 3b74c0e3b83d110d18444c262ecab1cb99493264 Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Mon, 9 Jan 2017 14:52:45 -0500
Subject: [PATCH] FIX: Don't allow formatting in titles when quoting other topics
---
 lib/pretty_text/helpers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pretty_text/helpers.rb b/lib/pretty_text/helpers.rb
index fa61e9efc2f..1c0c2f0e1a1 100644
--- a/lib/pretty_text/helpers.rb
+++ b/lib/pretty_text/helpers.rb
@@ -50,7 +50,7 @@ module PrettyText
 topic = Topic.find_by(id: topic_id)
 if topic && Guardian.new.can_see?(topic)
 {
- title: topic.title,
+ title: Rack::Utils.escape_html(topic.title),
 href: topic.url
 }
 end
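Review bot: The escaping added on the `title:` line is the right output-encoding fix, but the diffstat shows only `lib/pretty_text/helpers.rb` changed, so nothing guards against this regressing; add a PrettyText spec that cooks a quote of a topic whose title contains `<b>bold</b>` and asserts the cooked output contains `&lt;b&gt;` rather than a `<b>` element. A one-line why-comment would also help the next maintainer who is tempted to return the raw title again, e.g. `# escape so markup in a topic title cannot be injected into the rendered quote header` above the `title:` line. Note that `href: topic.url` on the following line is still returned unescaped; it is presumably server-generated from slug and id so this is likely safe, but it is worth confirming that the consumer attribute-escapes it when it builds the anchor. The enclosing method's signature lies above this hunk, so whether other return paths expose an unescaped title cannot be judged from here.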