HTML-escape notification contact names

author keithhacks <111162058+keithhacks@users.noreply.github.com>

Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)

committer GitHub <noreply@github.com>

Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)
author keithhacks <111162058+keithhacks@users.noreply.github.com>
Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)
committer GitHub <noreply@github.com>
Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)
diff --git a/src/Navigation/Notifications/Entity/Notify.php b/src/Navigation/Notifications/Entity/Notify.php

index ab042bc9f0cb53accecc3889c6f90e5767efee9c..f24ea16ce6255465f5efc33dfbfe4be39fcb0b59 100644 (file)
--- a/src/Navigation/Notifications/Entity/Notify.php
+++ b/src/Navigation/Notifications/Entity/Notify.php
@@ -134,6 +134,6 @@ class Notify extends BaseEntity
          */
         public static function formatMessage(string $name, string $message): string
         {
-               return str_replace('{0}', '<span class="contactname">' . BBCode::toPlaintext($name, false) . '</span>', htmlspecialchars($message));
+               return str_replace('{0}', '<span class="contactname">' . htmlspecialchars(BBCode::toPlaintext($name, false)) . '</span>', htmlspecialchars($message));
         }
  }
author	keithhacks <111162058+keithhacks@users.noreply.github.com>
	Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)
committer	GitHub <noreply@github.com>
	Sun, 19 Nov 2023 23:23:29 +0000 (23:23 +0000)