Escape user values in nav template

2025-11-13 08:46:04 +01:00 · 2016-01-17 10:51:40 +01:00
parent 08135ee843
commit 5816a34e64
1 changed files with 3 additions and 3 deletions
--- a/themes/grav/templates/partials/nav.html.twig
+++ b/themes/grav/templates/partials/nav.html.twig
@@ -9,12 +9,12 @@

    {#{% if admin.authorize %}#}
    <div id="admin-user-details">
-        <a href="{{ base_url_relative }}/users/{{ admin.user.username }}">
+        <a href="{{ base_url_relative }}/users/{{ admin.user.username|e }}">
            <img src="//www.gravatar.com/avatar/{{ admin.user.email|md5 }}?s=32" />

            <div class="admin-user-names">
-                <h4>{{ admin.user.fullname }}</h4>
-                <h5>{{ admin.user.title }}</h5>
+                <h4>{{ admin.user.fullname|e }}</h4>
+                <h5>{{ admin.user.title|e }}</h5>
            </div>
        </a>
    </div>