diff --git a/web_src/js/features/tribute.js b/web_src/js/features/tribute.js index 053804c43d486..5678acdf47e1e 100644 --- a/web_src/js/features/tribute.js +++ b/web_src/js/features/tribute.js @@ -1,5 +1,6 @@ import {emojiKeys, emojiHTML, emojiString} from './emoji.js'; import {uniq} from '../utils.js'; +import {htmlEscape} from 'escape-goat'; function makeCollections({mentions, emoji}) { const collections = []; @@ -24,7 +25,7 @@ function makeCollections({mentions, emoji}) { return emojiString(item.original); }, menuItemTemplate: (item) => { - return `
${emojiHTML(item.original)}${item.original}
`; + return `
${emojiHTML(item.original)}${htmlEscape(item.original)}
`; } }); } @@ -36,9 +37,9 @@ function makeCollections({mentions, emoji}) { menuItemTemplate: (item) => { return `
- - ${item.original.name} - ${item.original.fullname && item.original.fullname !== '' ? `${item.original.fullname}` : ''} + + ${htmlEscape(item.original.name)} + ${item.original.fullname && item.original.fullname !== '' ? `${htmlEscape(item.original.fullname)}` : ''}
`; }