From 8c193293c6f42e8dd1522c8d5cd26febc8a20f02 Mon Sep 17 00:00:00 2001
From: David Barksdale
Date: Wed, 4 Apr 2012 22:19:02 -0500
Subject: Avoid html injection. This is probably unnecessary because valid unix usernames don't have any bad characters in them.
---
 src/ctf_website/views/home.clj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ctf_website/views/home.clj b/src/ctf_website/views/home.clj
index 450d605..566a9ca 100644
--- a/src/ctf_website/views/home.clj
+++ b/src/ctf_website/views/home.clj
@@ -2,7 +2,7 @@
 (:require [ctf-website.views.common :as common] [noir.session :as session]) (:use [noir.core :only [defpage]]
- [hiccup.core :only [html]]))
+ [hiccup.core :only [h]]))
 (defpage "/" []
@@ -13,7 +13,7 @@
 [:a {:href "login"} "Compete"] [:form {:method "POST" :action "flag"}
- [:p (str "Submit flag as " username ":")
+ [:p (str "Submit flag as " (h username) ":")
 [:input {:type "text" :name "flag"}] [:input {:type "submit"
-- cgit v1.2.3-18-g5258
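Review bot: The `(h username)` call in the second hunk should be documented as a deliberate output-encoding step, because the commit message frames it as optional. The view cannot see whether every path that sets the username enforces Unix-username rules, and as far as I know the Hiccup releases Noir builds on do not escape string content on their own. A comment above the `[:p …]` line would keep a later cleanup from removing it, for example `;; username is not validated here; escape at the point of output`. Separately, the first hunk replaces `html` with `h` in the `:only` list instead of adding it, so any remaining call to `html` in home.clj would stop resolving. The `ns` form and the `defpage` body both continue outside these hunks, so that needs confirming against the full file.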