Fix xss in user account display (#9097)

Only affects currently logged in user who has put HTML in their display name. #8813
2026-05-23 00:29:50 +02:00 · 2022-05-25 07:47:11 -04:00
parent 4a55249dee
commit 0c69018f96
1 changed files with 1 additions and 1 deletions
@@ -44,7 +44,7 @@ export function uiAccount(context) {
            // Add user name
            userLinkA.append('span')
                .attr('class', 'label')
-                .html(details.display_name);
+                .text(details.display_name);

            logoutLink.append('a')
                .attr('class', 'logout')