From 704d42d169ba1fe3cad4860a5ef79af04075522e Mon Sep 17 00:00:00 2001 From: yflory Date: Wed, 18 Dec 2019 16:08:22 +0100 Subject: [PATCH 1/2] Fix unsanitized name in profile --- www/profile/inner.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/profile/inner.js b/www/profile/inner.js index a1d070313..099a2d81b 100644 --- a/www/profile/inner.js +++ b/www/profile/inner.js @@ -232,7 +232,7 @@ define([ // If this curve has sent us a friend request, we should not be able to sent it to them var friendRequests = common.getFriendRequests(); if (friendRequests[data.curvePublic]) { - $button.append(Messages._getKey('friendRequest_received', [data.name || Messages.anonymous])) + $button.append(Messages._getKey('friendRequest_received', [name || Messages.anonymous])) .click(function () { UIElements.displayFriendRequestModal(common, friendRequests[data.curvePublic]); }); From 032186cc4cea08fa89450ae42dc4fc6fbf7f2d47 Mon Sep 17 00:00:00 2001 From: yflory Date: Wed, 18 Dec 2019 16:15:33 +0100 Subject: [PATCH 2/2] Fix unsanitized name in profile again --- www/profile/inner.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/profile/inner.js b/www/profile/inner.js index 099a2d81b..a37991ad9 100644 --- a/www/profile/inner.js +++ b/www/profile/inner.js @@ -299,7 +299,7 @@ define([ $(muteButton).click(function () { module.execCommand('MUTE_USER', { curvePublic: data.curvePublic, - name: data.displayName || data.name, + name: Util.fixHTML(data.displayName || data.name), avatar: data.avatar }, function (e) { if (e) { console.error(e); return void UI.warn(Messages.error); }