Escape HTML in profile name preview in profile settings (#9446)

* fix non-escaped html in the profile settings * provide a default profile text in case if there's no custom one * update haml syntax * simplify default profile name to username * sanitize user-input html but display emojified icons
2018-12-07 16:42:22 +01:00 · 2018-12-07 16:42:22 +01:00 · 5c7f641565
commit 5c7f641565
parent d3547fa005
2 changed files with 7 additions and 2 deletions
--- a/app/views/application/_card.html.haml
+++ b/app/views/application/_card.html.haml
@ -9,6 +9,7 @@
        = image_tag account.avatar.url, alt: '', width: 48, height: 48, class: 'u-photo'

      .display-name
+        %span{id: "default_account_display_name", style: "display:none;"}= account.username
        %bdi
          %strong.emojify.p-name= display_name(account, custom_emojify: true)
        %span