Sanitize name in user auto complete (#43691).

git-svn-id: https://svn.redmine.org/redmine/trunk@24342 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-03-18 02:20:59 +01:00 · 2026-01-22 18:12:19 +00:00
parent a76b0d6c19
commit 587fd2fbc6
2 changed files with 17 additions and 1 deletions
--- a/app/assets/javascripts/application-legacy.js
+++ b/app/assets/javascripts/application-legacy.js
@@ -1348,7 +1348,7 @@ function inlineAutoComplete(element) {
            }
          },
          menuItemTemplate: function (user) {
-            return user.original.name;
+            return sanitizeHTML(user.original.name);
          },
          selectTemplate: function (user) {
            return '@' + user.original.login;