Closed batpad closed 7 years ago
Thanks @batpad. I deployed this on the HOT production deployment to patch it quick. 👍 from me. We'll want to circulate to the HOT list to share with others that are running their own osmtm.
Good catch! Aren't there other location in the templates where this should be done as well?
@pgiraud So I tested the users
page which lists users and that seems to handle usernames like this fine. Not being too familiar with the code-base, it would be totally great for someone else to do a more thorough audit - I did check a few places where I know usernames showed up and they seemed protected from this, but I definitely could have missed something.
cc @smit1678 @bgirardot @pgiraud @ethan-nelson