Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 20:16:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes potential XSS in usercard

Browse Source
This commit is contained in:
psychobunny
2016-03-21 08:58:59 -04:00
parent cccc64ef90
commit 294171b072
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/posts/user.js
View File

@@ -1,6 +1,7 @@
'use strict'; 'use strict';
var async = require('async'), var async = require('async'),
validator = require('validator'),
db = require('../database'), db = require('../database'),
user = require('../user'), user = require('../user'),
@@ -69,6 +70,8 @@ module.exports = function(Posts) {
userData.picture = userData.picture || ''; userData.picture = userData.picture || '';
userData.status = user.getStatus(userData); userData.status = user.getStatus(userData);
userData.groupTitle = results.groupTitles[i].groupTitle; userData.groupTitle = results.groupTitles[i].groupTitle;
userData.signature = validator.escape(userData.signature || '');
userData.fullname = validator.escape(userData.fullname || '');
}); });
async.map(userData, function(userData, next) { async.map(userData, function(userData, next) {