From 75ebe7861926179a9a11b04541ecde035224720c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Mon, 20 Sep 2021 10:16:16 -0400 Subject: [PATCH] fix: escape moderation note before adding to dom --- public/src/client/account/info.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/src/client/account/info.js b/public/src/client/account/info.js index 6e57439bff..05631ffa4f 100644 --- a/public/src/client/account/info.js +++ b/public/src/client/account/info.js @@ -21,7 +21,7 @@ define('forum/account/info', ['forum/account/header', 'components', 'forum/accou app.alertSuccess('[[user:info.moderation-note.success]]'); var timestamp = Date.now(); var data = [{ - note: note, + note: utils.escapeHTML(note), user: app.user, timestamp: timestamp, timestampISO: utils.toISOString(timestamp),