From 3d9f26bad1dc5371f7e86c0596ee59215624d3cb Mon Sep 17 00:00:00 2001
From: Jui-Nan Lin
Date: Mon, 6 Jun 2011 19:54:42 +0800
Subject: [PATCH] escape the hash string to prevent XSS
---
 js/jquery.mobile.navigation.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/jquery.mobile.navigation.js b/js/jquery.mobile.navigation.js
index 6a4e2439c22..3c96788c05c 100644
--- a/js/jquery.mobile.navigation.js
+++ b/js/jquery.mobile.navigation.js
@@ -77,7 +77,7 @@
 //just return the url without an initial #
 stripHash: function( url ) {
- return url.replace( /^#/, "" );
+ return encodeURI(url.replace( /^#/, "" ));
 },
 //remove the preceding hash, any query params, and dialog notations
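Review bot: `encodeURI` in `stripHash` is URI encoding, not HTML or selector escaping, so it only partly covers the XSS named in the subject line: it percent-encodes `<`, `>` and `"` but leaves `'`, `(`, `)`, `&` and `;` untouched. It also encodes `%`, so a hash that is already percent-encoded (`%20`) comes back double-encoded (`%2520`), which may break callers that compare the result with a page URL; those callers are outside this hunk, so this needs checking. The more robust fix is to keep `stripHash` a plain string helper and validate or escape the value where it reaches the DOM or a `$()` call, never handing hash-derived text to jQuery as markup. If the encoding stays here, document the limit on the new line, e.g. `// encodeURI is not HTML escaping: ' ( ) pass through and % is re-encoded; sinks must still escape`.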