Index: src/java/org/jivesoftware/webchat/util/FormUtils.java
===================================================================
--- src/java/org/jivesoftware/webchat/util/FormUtils.java (revision 10949)
+++ src/java/org/jivesoftware/webchat/util/FormUtils.java (working copy)
@@ -32,9 +32,9 @@
String cookieValue = getCookieValueForField(formField.getVariable(), request);
String insertValue = "";
if(ModelUtil.hasLength(cookieValue)){
- insertValue = "value=\""+cookieValue+"\"";
+ insertValue = "value=\""+StringUtils.escapeHTMLTags(cookieValue)+"\"";
}
- builder.append("");
+ builder.append("");
}
else if (formField.getType().equals(FormField.TYPE_TEXT_MULTI)) {
builder.append("
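Review bot: The escaped cookie value on the `insertValue` line lands inside a double-quoted `value="…"` attribute, and a helper named `escapeHTMLTags` may only neutralise `<` and `>`; its body is not visible in this hunk. If it leaves `"` untouched, a cookie value containing a quote still terminates the attribute, so the fix would be incomplete for this output context. Confirm that the helper also encodes `"` and `&`, or make the attribute encoding explicit, e.g. `insertValue = "value=\"" + StringUtils.escapeHTMLTags(cookieValue).replace("\"", "&quot;") + "\"";`. The second changed line (`builder.append`) shows identical old and new text on this page, presumably because the markup inside the string literal was lost in rendering, so it cannot be checked from here. The enclosing method begins and ends outside the hunk.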