From 1efa591d67ffe996d46da2cf2e93d1f066d56093 Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Thu, 9 Jul 2015 12:49:49 -0400
Subject: [PATCH] Fixed double HTML encoding on embedded schedule widget
---
 airtime_mvc/application/common/WidgetHelper.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/airtime_mvc/application/common/WidgetHelper.php b/airtime_mvc/application/common/WidgetHelper.php
index 8be23e200..fe36ee317 100644
--- a/airtime_mvc/application/common/WidgetHelper.php
+++ b/airtime_mvc/application/common/WidgetHelper.php
@@ -69,6 +69,8 @@ class WidgetHelper
 * We don't do any timezone conversion in this function on purpose. All timezone conversion
 * and show time ordering should be done on the frontend.
 *
+ * *** This function does no HTML encoding. It is up to the caller to escape or encode the data appropriately.
+ *
 * @return array
 */
 public static function getWeekInfoV2()
@@ -139,9 +141,6 @@ class WidgetHelper
 }
 $result["shows"] = $shows;
- // XSS exploit prevention
- SecurityHelper::htmlescape_recursive($result);
-
 // convert image paths to point to api endpoints
 //TODO: do we need this here?
 self::findAndConvertPaths($result);
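Review bot: The docblock line added in the first hunk makes every caller of getWeekInfoV2() responsible for output encoding, but the patch touches only WidgetHelper.php, so nothing visible here confirms that any caller actually escapes the data. With `SecurityHelper::htmlescape_recursive($result)` removed in the second hunk, a consumer that renders values from `$result["shows"]` (presumably user-editable show data) without escaping would emit them raw. I would confirm that each call site encodes for its own output context (HTML body, attribute, or script/JSON), and add a regression test that passes a show value containing markup through the widget. The docblock would be harder to overlook as `* SECURITY: returned values are raw and unescaped; every caller must encode them for its output context before rendering.` The function body between the two hunks is not visible here.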