escape tags so it is safe from xss

Author: swaroopsm

lib/fusioncharts/rails/chart.rb

@@ -84,7 +84,7 @@ def jsonUrl?
 
       # Render the chart
       def render
-        config = self.options.to_json
+        config = json_escape JSON.generate(self.options)
         dataUrlFormat = self.jsonUrl? ? "json" : ( self.xmlUrl ? "xml" : nil )
         template = File.read(File.expand_path("../../../templates/chart.erb", __FILE__))
         renderer = ERB.new(template)
@@ -118,6 +118,11 @@ def parse_options
         parse_datasource_json
       end
 
+      # Escape tags in json, if avoided might be vulnerable to XSS
+      def json_escape(str)
+        str.to_s.gsub('/', '\/')
+      end
+
     end
 
 end