From 424c279e9efb4640e2c794ec92290efc723be5ef Mon Sep 17 00:00:00 2001
From: Jonathan Rosenbaum <gnuser@gmail.com>
Date: Sun, 12 Nov 2017 02:35:42 +0000
Subject: [PATCH] Fixes #22 with escape()

---
 js/transaction.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/transaction.js b/js/transaction.js
index f53886e..18c2f6a 100644
--- a/js/transaction.js
+++ b/js/transaction.js
@@ -1373,7 +1373,7 @@ $(function() {
 										original_price: original_price,
 										amount: price,
 										redeemed_hours: parseFloat($("#volunteer_hours").text()) || rh,
-										description: $("#description").val(), 
+										description: escape($("#description").val()), 
 										sold_to: sold_to,
 										sold_by: $("[name='sold_by']").val(),
 										quantity: $("#quantity").val(),