fix: prevent XSS — escape setting data for javascript code

Author: unsektor

template/pages/home.tpl.php

@@ -10,7 +10,7 @@
     <div id="layers"></div>
 <?php
 if ($this->homeTitle):
-    echo "    <script>document.title = '".$this->homeTitle."';</script>\n";
+    echo "    <script>document.title = '".addslashes($this->homeTitle)."';</script>\n";
 endif;
 
 if (!empty($this->featuredBox['altHomeLogo'])):