From 4e69bff72fd04779064d37e46a43080e6c328adf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Fri, 6 Dec 2024 15:43:34 -0500
Subject: [PATCH] fix: escape about me on user flags

---
 src/flags.js               | 1 +
 src/views/flags/detail.tpl | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/flags.js b/src/flags.js
index 00bce1d9bd..be0f849244 100644
--- a/src/flags.js
+++ b/src/flags.js
@@ -663,6 +663,7 @@ Flags.canFlag = async function (type, id, uid, skipLimitCheck = false) {
 Flags.getTarget = async function (type, id, uid) {
 	if (type === 'user') {
 		const userData = await user.getUserData(id);
+		userData.aboutme = validator.escape(String(userData.aboutme));
 		return userData && userData.uid ? userData : {};
 	}
 	if (type === 'post') {
diff --git a/src/views/flags/detail.tpl b/src/views/flags/detail.tpl
index 6c8cd657f3..c1e39af6ac 100644
--- a/src/views/flags/detail.tpl
+++ b/src/views/flags/detail.tpl
@@ -123,7 +123,7 @@
 				{{{ end }}}
 
 				{{{ if type_bool.user }}}
-				<div class="d-flex gap-2">
+				<div class="d-flex gap-2 align-items-center lh-1 mb-2">
 					<a href="{config.relative_path}/user/{./target.userslug}">{buildAvatar(target, "16px", true)}</a>
 					<a href="{config.relative_path}/user/{./target.userslug}">{target.username}</a>
 				</div>