Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-10 17:42:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape displayname in topic events

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2025-04-22 11:46:03 -04:00
parent 6832541c02
commit 42a5a127b6
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/topics/events.js
View File

@@ -1,5 +1,6 @@
'use strict';
const validator = require('validator');
const _ = require('lodash');
const nconf = require('nconf');
const db = require('../database');
@@ -107,7 +108,13 @@ function renderUser(event) {
if (!event.user || event.user.system) {
return '[[global:system-user]]';
}
return `${helpers.buildAvatar(event.user, '16px', true)} <a href="${relative_path}/user/${event.user.userslug}">${event.user.displayname}</a>`;
const user = {
...event.user,
displayname: validator.escape(String(event.user.displayname)),
};
return `${helpers.buildAvatar(user, '16px', true)} <a href="${relative_path}/user/${user.userslug}">${user.displayname}</a>`;
}
function renderTimeago(event) {