Escape notification text in /notifications module

- This was causing literal HTML display names to be interpreted in the page
This commit is contained in:
Hypolite Petovan 2023-05-14 09:13:26 -04:00
parent 89d57a3484
commit 30c4883aa6

View file

@ -1,4 +1,4 @@
<div class="notif-item {{if !$item_seen}}unseen{{/if}}" {{if $item_seen}}aria-hidden="true"{{/if}}>
<a href="{{$notification.link}}"><img src="{{$notification.image}}" aria-hidden="true" class="notif-image">{{$notification.text nofilter}} <span class="notif-when">{{$notification.ago}}</span></a>
<a href="{{$notification.link}}"><img src="{{$notification.image}}" aria-hidden="true" class="notif-image">{{$notification.text}} <span class="notif-when">{{$notification.ago}}</span></a>
</div>