From 27972c120284cdc48f03d5ef379ce809a228cefa Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Sun, 15 Apr 2018 18:44:28 +0530
Subject: [PATCH] SECURITY: escape HTML entities from topic title

---
 lib/guardian/category_guardian.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/guardian/category_guardian.rb b/lib/guardian/category_guardian.rb
index 567fbdbdd99..92572105e74 100644
--- a/lib/guardian/category_guardian.rb
+++ b/lib/guardian/category_guardian.rb
@@ -34,7 +34,7 @@ module CategoryGuardian
 if category.topic_count != 0
 oldest_topic = category.topics.where.not(id: category.topic_id).order('created_at ASC').limit(1).first
 if oldest_topic
- return I18n.t('category.cannot_delete.topic_exists', count: category.topic_count, topic_link: "#{oldest_topic.title}")
+ return I18n.t('category.cannot_delete.topic_exists', count: category.topic_count, topic_link: "#{CGI.escapeHTML(oldest_topic.title)}")
 else
 # This is a weird case, probably indicating a bug.
 return I18n.t('category.cannot_delete.topic_exists_no_oldest', count: category.topic_count)
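Review bot: The string-interpolation wrapper on the added line is redundant now that `CGI.escapeHTML` already returns a String; `topic_link: CGI.escapeHTML(oldest_topic.title)` is the direct form. `CGI.escapeHTML` raises `TypeError` on `nil`, so if a topic title can ever be nil at this point (not visible from the hunk) it needs `.to_s` or a guard, and the call also depends on the `cgi` library being loaded, which no visible line of this file requires. Escaping here is only correct if every consumer renders the translated message as HTML; a consumer that shows it as plain text would display the entities literally, so a comment such as `# title is interpolated into an HTML message; escape here so callers need not` would record that contract for the next maintainer. The enclosing method starts before this hunk and its `if` chain continues past it.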