From 0c69018f96f4f5e5303c215e03693117f4a4dc1d Mon Sep 17 00:00:00 2001
From: Josh Lee
Date: Wed, 25 May 2022 07:47:11 -0400
Subject: [PATCH] Fix xss in user account display (#9097)

Only affects currently logged in user who has put HTML in their display name. #8813
---
 modules/ui/account.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ui/account.js b/modules/ui/account.js
index 2595eb2a4..64b879dea 100644
--- a/modules/ui/account.js
+++ b/modules/ui/account.js
@@ -44,7 +44,7 @@ export function uiAccount(context) {
 // Add user name
 userLinkA.append('span')
 .attr('class', 'label')
- .html(details.display_name);
+ .text(details.display_name);

 logoutLink.append('a')
 .attr('class', 'logout')
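Review bot: The new `.text(details.display_name)` call has no comment explaining why this value must not go through `.html()`, so a later refactor could quietly restore the markup sink. I would extend the existing comment to `// Add user name (account-supplied string: render with .text(), never .html())`. The patch touches only `modules/ui/account.js` and adds no regression test; a small one asserting that a display name containing markup appears as literal text in the `.label` span would pin the fix. The body of `uiAccount` starts and continues outside the hunk, so whether other fields of `details` reach `.html()` or an attribute elsewhere in the function cannot be judged from here and is worth checking in the same pass.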