
Certain hosts could try to inject HTML using the <body> tag as a reference point (replacing it server-side); this could break all the JavaScript of the post page

Signed-off-by: emanuele <[email protected]>
emanuele 12 years ago
parent
commit
e06a46164b
1 changed file with 1 addition and 0 deletions
  1. 1 0
      Sources/QueryString.php

+ 1 - 0
Sources/QueryString.php

@@ -572,6 +572,7 @@ function JavaScriptEscape($string)
 		'\'' => '\\\'',
 		'</' => '<\' + \'/',
 		'script' => 'scri\'+\'pt',
+		'<body>' => '<bo\'+\'dy>',
 		'<a href' => '<a hr\'+\'ef',
 		$scripturl => '\' + smf_scripturl + \'',
 	)) . '\'';
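Review bot: The new key on the added line is the exact literal '<body>', so it only covers that one spelling of the tag. A host-side rewriter that anchors on the body tag may just as well match '<BODY>' or an opening tag that carries attributes, and neither would be split by this entry. The neighbouring '<a href' key already matches on a prefix rather than a complete tag; using '<body' (without the closing '>') would follow that pattern and also cover the attribute case, and the uppercase form is worth deciding on explicitly if the replacement is case-sensitive. A short comment above the entry saying that it exists to defeat server-side injection keyed on the body tag would also help, since the other entries are about escaping for the JavaScript string and this one is not self-explanatory next to them.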