From 1bba2c99137be743bdf90e92828392e03ee513f5 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Mon, 11 Apr 2011 20:24:33 -0700
Subject: [PATCH] Fix XSS in path names of inline comment list.
---
 .../view/revisioncomment/DifferentialRevisionCommentView.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php b/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
index 86e81999f7..1d0691d1f9 100644
--- a/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
+++ b/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
@@ -119,7 +119,7 @@ final class DifferentialRevisionCommentView extends AphrontView {
 $inline_render[] =
 ''.
 ''.
- $changeset->getFileName().
+ phutil_escape_html($changeset->getFileName()).
 ''.
 '';
 foreach ($inlines as $inline) {
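Review bot: The escape is applied at this one concatenation only, while `$inline_render` is still built from raw string fragments, so every other value appended in the `foreach ($inlines as $inline)` loop that opens on the last line of the hunk needs the same check. The loop body lies outside the hunk, so this cannot be confirmed from here. The changeset file name presumably originates from an uploaded diff, and other views that print `$changeset->getFileName()` should be audited for the same omission. I would add a comment above the call, `// File name comes from the submitted diff; escape before concatenating into markup.`, and a rendering test that uses a file name containing `<` and `&` and asserts the escaped form appears in the output.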