From 5c7f641565e8022c3d8d704e49b510a79e5f16ad Mon Sep 17 00:00:00 2001
From: Paweł Ngei
Date: Fri, 7 Dec 2018 16:42:22 +0100
Subject: Escape HTML in profile name preview in profile settings (#9446)
* fix non-escaped html in the profile settings
* provide a default profile text in case if there's no custom one
* update haml syntax
* simplify default profile name to username
* sanitize user-input html but display emojified icons
---
 app/views/application/_card.html.haml | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/views/application/_card.html.haml')
diff --git a/app/views/application/_card.html.haml b/app/views/application/_card.html.haml
index 9cf8f8ff2..e6059b035 100644
--- a/app/views/application/_card.html.haml
+++ b/app/views/application/_card.html.haml
@@ -9,6 +9,7 @@
 = image_tag account.avatar.url, alt: '', width: 48, height: 48, class: 'u-photo'
 .display-name
+ %span{id: "default_account_display_name", style: "display:none;"}= account.username
 %bdi
 %strong.emojify.p-name= display_name(account, custom_emojify: true)
 %span
-- cgit
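Review bot: The added span uses a fixed `id: "default_account_display_name"` inside the shared `_card` partial, so any page that renders more than one card would contain duplicate ids, and a script that looks the element up by id would read the first card's username regardless of which card it is updating. The inline `style: "display:none;"` also relies on inline styles being allowed; under a Content-Security-Policy whose `style-src` omits `'unsafe-inline'` the span would become visible. Both concerns disappear if the fallback travels as a data attribute on the existing element, `.display-name{ data: { default_name: account.username } }`, since HAML HTML-escapes attribute values just as it escapes the `=` output under Rails' defaults. The script that consumes this value is not part of this hunk; it should read it as plain text (`textContent` or `dataset`) and must not feed it back through an HTML sink without escaping. The enclosing `.display-name` block starts and ends outside the hunk.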