yii2-comments
XSS attacks have been executed
Hi! I have detected that there is an XSS attack that is not prevented. I guess it is because of this code:

```php
$comments[$Comment->id] = $Comment->attributes;
$CommentListWidget
    ->getView()
    ->registerJs('jQuery("#' . $CommentListWidget->options['id'] . '").yiiCommentsList(' . Json::encode($comments) . ');');
```

As can be seen from this code, there seems to be no encoding of each attribute in the Comment object.
Hi. Thanks for the issue. We need a unit test to fix the problem.
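One way to encode each attribute before the data reaches `registerJs`, written as a self-checking script; this is an added example, not code from the yii2-comments project or from either poster. Plain `json_encode` stands in for the `Json::encode` call quoted above, and the function names, the sample row and the flag choices are assumptions.

```php
<?php
// Added example: constructed data, plain PHP (7.4+), no Yii classes required.

/** HTML-encode every string attribute of one comment row (hypothetical helper). */
function encodeCommentAttributes(array $attributes): array
{
    return array_map(
        static fn ($value) => is_string($value)
            ? htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : $value,
        $attributes
    );
}

/** Serialize the comment map for use inside an inline <script> block (hypothetical helper). */
function commentsToInlineJson(array $comments): string
{
    $encoded = array_map('encodeCommentAttributes', $comments);
    // JSON_HEX_* turns <, >, &, ' and " into \uXXXX escapes, so the JSON
    // text cannot terminate the surrounding <script> element.
    return json_encode(
        $encoded,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample row keyed by comment id, shaped like $Comment->attributes.
$comments = [
    7 => ['id' => 7, 'text' => '</script><script>alert(1)</script>', 'created_by' => 3],
];

// Unencoded form. JSON_UNESCAPED_SLASHES is an assumption about how the
// encoder is configured; with it, the markup reaches the page source verbatim.
$raw = json_encode($comments, JSON_UNESCAPED_SLASHES);
assert(strpos($raw, '</script>') !== false);

// Encoded form: no tag delimiters remain in the script body, and decoding
// yields HTML entities, so a client that inserts the text as HTML shows it
// as literal characters.
$safe = commentsToInlineJson($comments);
assert(strpos($safe, '<') === false && strpos($safe, '>') === false);
$decoded = json_decode($safe, true, 512, JSON_THROW_ON_ERROR);
assert($decoded[7]['text'] === '&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;');
assert($decoded[7]['id'] === 7 && $decoded[7]['created_by'] === 3);

echo $raw, PHP_EOL, $safe, PHP_EOL;
```

The assertions only run when `zend.assertions=1`; the same checks can be moved into a PHPUnit test case to serve as the regression test requested in the reply.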