sanitizing notes in flags details page, fixes #6698

2025-11-02 03:55:55 +01:00 · 2018-08-10 15:01:45 -04:00
parent a77630c6be
commit ed9dc113b0
1 changed files with 4 additions and 1 deletions
--- a/src/flags.js
+++ b/src/flags.js
@@ -99,7 +99,10 @@ Flags.get = function (flagId, callback) {
 					target_readable: data.base.type.charAt(0).toUpperCase() + data.base.type.slice(1) + ' ' + data.base.targetId,
 					target: payload.targetObj,
 					history: data.history,
-					notes: data.notes,
+					notes: data.notes.map((note) => {
+						note.content = validator.escape(note.content);
+						return note;
+					}),
 					reporter: payload.userObj,
 				}));
 			});