From a017ad19400d6a27d30998e0ded9e8b99b40c16e Mon Sep 17 00:00:00 2001
From: Hannes Mannerheim
Date: Thu, 4 Jun 2015 21:41:03 +0200
Subject: [PATCH] xss fix
---
 js/ajax-functions.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/js/ajax-functions.js b/js/ajax-functions.js
index cec35fc..79e2349 100644
--- a/js/ajax-functions.js
+++ b/js/ajax-functions.js
@@ -151,8 +151,9 @@ function getFromAPI(stream, actionOnSuccess) {
 if(request.getResponseHeader('Qvitter-User-Array') !== null) {
 addProfileCardToDOM(
 buildProfileCard(
- $.parseJSON(
- request.getResponseHeader('Qvitter-User-Array'))));
+ iterateRecursiveReplaceHtmlSpecialChars(
+ $.parseJSON(
+ request.getResponseHeader('Qvitter-User-Array')))));
 }
 data = convertEmptyObjectToEmptyArray(data);
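Review bot: The escaping is applied only at this call site, to the parsed `Qvitter-User-Array` header, so the fix holds only if every other path into `buildProfileCard` passes escaped data as well. Neither that function nor `iterateRecursiveReplaceHtmlSpecialChars` is visible in the hunk, so this should be confirmed, or the escaping moved into `buildProfileCard` where the HTML is assembled. If the helper only replaces HTML special characters, as its name suggests, any profile field that ends up in an `href` or `src` attribute still needs a URL-scheme allowlist, because entity escaping does not constrain the scheme. A comment above the call would record the intent, for example `// header carries user-controlled profile fields; escape before they reach HTML-building code`. The body of `getFromAPI` starts and ends outside the hunk, so whether `data` on the following line gets the same treatment cannot be judged from here.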