Ensure all fields escaped in output via = rather than - in EJS (as per issue #102), need to check across all modules.
commit 9665b3aaebc7deb3e28560511427c1395aaaf7ca 1 parent 6c33913
@cliftonc cliftonc authored
Showing with 4 additions and 4 deletions.
  1. +4 −4 modules/core/user/templates/profile.html
8 modules/core/user/templates/profile.html
@@ -1,12 +1,12 @@
<div class="content-item">
- <h1><a href="/user/profile/<%= item.username %>"><%- display.name ? display.name : item.username %></a></h1>
+ <h1><a href="/user/profile/<%= item.username %>"><%= display.name ? display.name : item.username %></a></h1>
<% if(display.email) { %>
- <p><a href='mailto:<%- display.email %>'><%- display.email %></a></p>
+ <p><a href='mailto:<%- display.email %>'><%= display.email %></a></p>
<% } %>
- <p><%- item.about %></p>
+ <p><%= item.about %></p>
<p>
<% if(user.isAdmin || user.username === item.username) { %>
- <small><a href="/user/profile/<%= item.username %>/edit"><%- t('Edit Your Profile') %></a></small>
+ <small><a href="/user/profile/<%= item.username %>/edit"><%= t('Edit Your Profile') %></a></small>
<% } %>
</p>
</div>
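Review bot: The href on the mailto line still outputs display.email through the unescaped tag (`<a href='mailto:<%- display.email %>'>`), while the link text beside it was switched to `<%=`, so the same value is still written raw into an attribute. Change the href to `<%= display.email %>` as well, which is what the commit message sets out to do, and consider double-quoting that attribute to match the other hrefs in this template. Separately, item.username is placed into the /user/profile/ paths with HTML escaping only; if usernames may contain characters such as / or ?, URL-encoding it there is worth a follow-up.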