From c59bdd27e49f06df11a75c883c4573408dc2ed8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cenk=20K=C3=BCc=C3=BCk?=
Date: Mon, 24 Jun 2024 02:10:41 +0200
Subject: [PATCH] Fix not so safe input (#4263)
---
 lib/plausible/site/admin.ex | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/plausible/site/admin.ex b/lib/plausible/site/admin.ex
index 022bb0d90..fe3b2b1b0 100644
--- a/lib/plausible/site/admin.ex
+++ b/lib/plausible/site/admin.ex
@@ -164,11 +164,14 @@ defmodule Plausible.SiteAdmin do owner = site.owner if owner do + escaped_name = Phoenix.HTML.html_escape(owner.name) |> Phoenix.HTML.safe_to_string() + escaped_email = Phoenix.HTML.html_escape(owner.email) |> Phoenix.HTML.safe_to_string() + {:safe, """ - #{owner.name} + #{escaped_name}

- #{owner.email} + #{escaped_email} """} end end
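Review bot: The `{:safe, """ … """}` tuple in this hunk is still assembled by string interpolation, so the protection for `owner.name` and `owner.email` holds only while every value placed in that heredoc is escaped by hand; nothing in the change stops a later interpolation from being added raw. The diffstat shows one file changed and no test, so a regression test that gives the owner a name containing markup (for example `<b>x</b>`) and asserts the rendered cell contains `&lt;b&gt;` would pin the fix. As a style point, both new bindings start a pipe with a function call; `owner.name |> Phoenix.HTML.html_escape() |> Phoenix.HTML.safe_to_string()` is the form Credo's `PipeChainStart` check expects. The enclosing function begins above the hunk, and the markup inside the heredoc appears to have been lost in this rendering, so any other interpolation there could not be checked from here.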