There is a vulnerability in the Timeline slider code: it is possible
to inject JavaScript code by choosing an appropriate user name.
When using the username "<script>alert(0)</script>", the alert
function is executed when viewing the timeline slider.
Quick fix: in broadcast_slider.js change the line
nametd.html(author.name || "unnamed");
to
nametd.text(author.name || "unnamed");
i.e. have jQuery escape any HTML code in the username instead of parsing it as markup.
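Added example, not the project's own code: a Node.js stand-in for the two jQuery calls above, so the difference between nametd.html(...) and nametd.text(...) can be checked outside a browser. The author objects and usernames are constructed sample data; escapeHtml and containsRawTag are hypothetical helpers that model, respectively, what .text() does to a string and a check a reviewer could run over rendered output.

```javascript
// Models nametd.html(author.name || "unnamed"): the username is handed to
// the HTML parser, so any markup in it becomes live DOM (and jQuery's
// .html() also executes inline <script> contents).
function renderNameCellUnsafe(author) {
  return "<td>" + (author.name || "unnamed") + "</td>";
}

// Models what nametd.text(author.name || "unnamed") achieves: the value is
// inserted as a text node, so when serialised back to HTML every character
// that could open a tag or an entity is escaped.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderNameCellSafe(author) {
  return "<td>" + escapeHtml(author.name || "unnamed") + "</td>";
}

// Check helper: does the cell content still contain an unescaped tag start?
// Useful as a quick assertion in a test suite for the rendering function.
function containsRawTag(cellHtml) {
  const inner = cellHtml.slice("<td>".length, -"</td>".length);
  return /<[a-zA-Z!\/]/.test(inner);
}

// Constructed sample data: the username from the report plus harmless ones,
// including the two cases that fall back to "unnamed".
const samples = [
  { name: "<script>alert(0)</script>" },
  { name: "Alice & Bob" },
  { name: "" },
  {},
];

for (const author of samples) {
  const unsafe = renderNameCellUnsafe(author);
  const safe = renderNameCellSafe(author);
  console.log("html():", unsafe, "| raw tag:", containsRawTag(unsafe));
  console.log("text():", safe, "| raw tag:", containsRawTag(safe));
}
```

Only the html() rendering of the reported username still carries a raw tag; the text() rendering shows the same string but as inert, escaped text.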