Escape HTML in GET-provided hostname

A malicious user can enter javascript code in "h" GET parameter and this
code gets executed because this parameter is copied in the HTML output
without any escaping.  This patch escape the output before it is checked
it is valid.

0 files changed, 0 insertions, 0 deletions