From 914dd2dd8d2ffd3c17f94f625a21a90fd096969e Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Thu, 26 Mar 2015 15:15:58 -0400
Subject: [PATCH] FIX: Escape the title of a topic when replying as new

---
 app/assets/javascripts/discourse/controllers/topic.js.es6 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/discourse/controllers/topic.js.es6 b/app/assets/javascripts/discourse/controllers/topic.js.es6
index c99a986550c..c532e55ea18 100644
--- a/app/assets/javascripts/discourse/controllers/topic.js.es6
+++ b/app/assets/javascripts/discourse/controllers/topic.js.es6
@@ -427,8 +427,8 @@ export default ObjectController.extend(Discourse.SelectedPostsCount, BufferedCon
       }).then(function() {
         return Em.isEmpty(quotedText) ? Discourse.Post.loadQuote(post.get('id')) : quotedText;
       }).then(function(q) {
-        const postUrl = "" + location.protocol + "//" + location.host + (post.get('url')),
-              postLink = "[" + self.get('title') + "](" + postUrl + ")";
+        const postUrl = "" + location.protocol + "//" + location.host + post.get('url'),
+              postLink = "[" + Handlebars.escapeExpression(self.get('title')) + "](" + postUrl + ")";
         composerController.appendText(I18n.t("post.continue_discussion", { postLink: postLink }) + "\n\n" + q);
       });
     },