We are now escaping many template fields

view/theme/frio/templates/event_stream_item.tpl

@@ -17,16 +17,16 @@
 					{{if $location.map}}<button id="event-map-btn-{{$id}}" class="event-map-btn btn-link fakelink nav nav-pills preferences" data-map-id="event-location-map-{{$id}}" data-show-label="{{$show_map_label}}" data-hide-label="{{$hide_map_label}}">{{$map_btn_label}}</button>{{/if}}
 					<div class="event-property">
 						<span class="event-date">
-							<span class="event-start dtstart" title="{{$dtstart_title}}">{{$start_short}}</span>
-							{{if $finish}} - <span class="event-end dtend" title="{{$dtend_title}}">{{if $same_date}}{{$end_time}}{{else}}{{$end_short}}{{/if}}</span>{{/if}}
+							<span class="event-start dtstart" title="{{$dtstart_title|escape}}">{{$start_short}}</span>
+							{{if $finish}} - <span class="event-end dtend" title="{{$dtend_title|escape}}">{{if $same_date}}{{$end_time}}{{else}}{{$end_short}}{{/if}}</span>{{/if}}
 						</span>
 						{{if $location.name}}
 						<span role="presentation" aria-hidden="true"> · </span>
-						<span class="event-location event-card-location">{{$location.name}}</span>
+						<span class="event-location event-card-location">{{$location.name|escape}}</span>
 						{{/if}}
 					</div>
 					<div class="event-card-profile-name profile-entry-name">
-						<a href="{{$author_link}}" class="userinfo">{{$author_name}}</a>
+						<a href="{{$author_link}}" class="userinfo">{{$author_name|escape}}</a>
 					</div>
 					{{if $location.map}}
 					<div id="event-location-map-{{$id}}" class="event-location-map">{{$location.map}}</div>