clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Escape message for notifications

Browse Source
This commit is contained in:
Philipp
2023-05-14 20:31:20 +02:00
parent d272cecd55
commit e998c059b6
2 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Navigation/Notifications/Entity/Notify.php
View File

@@ -134,6 +134,6 @@ class Notify extends BaseEntity
*/
public static function formatMessage(string $name, string $message): string
{
return str_replace('{0}', '<span class="contactname">' . strip_tags(BBCode::convert($name)) . '</span>', $message);
return str_replace('{0}', '<span class="contactname">' . strip_tags(BBCode::convert($name)) . '</span>', htmlspecialchars($message));
}
}