From 625f47514f6271df09d0678f0e343c60fedf15dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 20 Feb 2025 09:18:03 -0500
Subject: [PATCH] fix: escape ip blacklist rules

---
 src/controllers/globalmods.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/controllers/globalmods.js b/src/controllers/globalmods.js
index 2ad0d54b4f..5b6b1ee607 100644
--- a/src/controllers/globalmods.js
+++ b/src/controllers/globalmods.js
@@ -1,5 +1,7 @@
 'use strict';
 
+const validator = require('validator');
+
 const user = require('../user');
 const meta = require('../meta');
 const analytics = require('../analytics');
@@ -20,7 +22,7 @@ globalModsController.ipBlacklist = async function (req, res, next) {
 	]);
 	res.render('ip-blacklist', {
 		title: '[[pages:ip-blacklist]]',
-		rules: rules,
+		rules: validator.escape(String(rules)),
 		analytics: analyticsData,
 		breadcrumbs: helpers.buildBreadcrumbs([{ text: '[[pages:ip-blacklist]]' }]),
 	});