Fix #5592 (#5593)

* Fix #5592 Escape translation tokens in topic titles, descriptions, profile about, and post contents * Fix tests
2025-11-03 04:25:55 +01:00 · 2017-04-13 12:37:54 -06:00
parent c3febca9c8
commit 1fb48ef7a7
9 changed files with 31 additions and 18 deletions
--- a/src/controllers/accounts/profile.js
+++ b/src/controllers/accounts/profile.js
@@ -12,6 +12,7 @@ var accountHelpers = require('./helpers');
 var helpers = require('../helpers');
 var pagination = require('../../pagination');
 var messaging = require('../../messaging');
+var translator = require('../../translator');

 var profileController = {};

@@ -74,7 +75,7 @@ profileController.get = function (req, res, callback) {
 				return p && parseInt(p.deleted, 10) !== 1;
 			});
 			userData.hasPrivateChat = results.hasPrivateChat;
-			userData.aboutme = results.aboutme;
+			userData.aboutme = translator.escape(results.aboutme);
 			userData.nextStart = results.posts.nextStart;
 			userData.breadcrumbs = helpers.buildBreadcrumbs([{ text: userData.username }]);
 			userData.title = userData.username;