mirror of
https://github.com/plausible/analytics.git
synced 2024-12-25 02:24:55 +03:00
Fix not so safe input (#4263)
This commit is contained in:
parent
a8b9505208
commit
c59bdd27e4
@ -164,11 +164,14 @@ defmodule Plausible.SiteAdmin do
|
|||||||
owner = site.owner
|
owner = site.owner
|
||||||
|
|
||||||
if owner do
|
if owner do
|
||||||
|
escaped_name = Phoenix.HTML.html_escape(owner.name) |> Phoenix.HTML.safe_to_string()
|
||||||
|
escaped_email = Phoenix.HTML.html_escape(owner.email) |> Phoenix.HTML.safe_to_string()
|
||||||
|
|
||||||
{:safe,
|
{:safe,
|
||||||
"""
|
"""
|
||||||
<a href="/crm/auth/user/#{owner.id}">#{owner.name}</a>
|
<a href="/crm/auth/user/#{owner.id}">#{escaped_name}</a>
|
||||||
<br/><br/>
|
<br/><br/>
|
||||||
#{owner.email}
|
#{escaped_email}
|
||||||
"""}
|
"""}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user