From b8debe756af71a375f8e34e880612bc1eb0dff50 Mon Sep 17 00:00:00 2001
From: Mayhem <stepien.nicolas@gmail.com>
Date: Fri, 9 May 2014 11:33:46 +0200
Subject: [PATCH] Fix #1634.

---
 CHANGELOG.md             | 2 ++
 src/General/Build.coffee | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f51c690c0..ab580b0d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+- [Security fix](https://github.com/MayhemYDG/4chan-x/issues/1634).
+
 ### 3.20.12 - *2014-05-03*
 
 - Fix quoting.
diff --git a/src/General/Build.coffee b/src/General/Build.coffee
index a2652156b..19b2e83a4 100644
--- a/src/General/Build.coffee
+++ b/src/General/Build.coffee
@@ -47,7 +47,7 @@ Build =
         name:      data.filename + data.ext
         timestamp: "#{data.tim}#{data.ext}"
         url: if boardID is 'f'
-          "//i.4cdn.org/#{boardID}/#{data.filename}#{data.ext}"
+          "//i.4cdn.org/#{boardID}/#{escape data.filename}#{data.ext}"
         else
           "//i.4cdn.org/#{boardID}/#{data.tim}#{data.ext}"
         height:    data.h
@@ -271,7 +271,7 @@ Build =
     pageCount = Index.liveThreadIDs.indexOf(thread.ID) // Index.threadsNumPerPage + 1
 
     subject = if thread.OP.info.subject
-      "<div class='subject'>#{thread.OP.info.subject}</div>"
+      "<div class='subject'>#{thread.OP.nodes.subject.innerHTML}</div>"
     else
       ''
     comment = thread.OP.nodes.comment.innerHTML.replace /(<br>\s*){2,}/g, '<br>'