Escape all IDs in HTML.

[Sone.git] / src / main / resources / templates / include / head.html

diff --git a/src/main/resources/templates/include/head.html b/src/main/resources/templates/include/head.html
index b1d01bc..c198fc4 100644 (file)
--- a/src/main/resources/templates/include/head.html
+++ b/src/main/resources/templates/include/head.html
@@ -13,7 +13,7 @@
 
                <div id="profile" class="<%ifnull currentSone>offline<%else>online<%/if>">
                        <div class="picture"></div>
-                       <div class="nice-name profile-link"><a href="viewSone.html?sone=<% currentSone.id>"><% currentSone.niceName|html></a></div>
+                       <div class="nice-name profile-link"><a href="viewSone.html?sone=<% currentSone.id|html>"><% currentSone.niceName|html></a></div>
                        <div class="edit-profile-link"><a href="editProfile.html"><%= View.Head.ProfileLink.Text|l10n|html></a></div>
                        <%ifnull ! currentSone>
                                <%include include/updateStatus.html>