From 1d1639d46f15c5a9c84d3ccfc7a334244c28039a Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Tue, 13 Jun 2023 11:55:13 -0400
Subject: [PATCH] fix: improper neutralization of user input in image wrapping
 code

---
 public/src/client/topic/images.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/src/client/topic/images.js b/public/src/client/topic/images.js
index 8778053821..c4c30319d8 100644
--- a/public/src/client/topic/images.js
+++ b/public/src/client/topic/images.js
@@ -26,8 +26,9 @@ define('forum/topic/images', [], function () {
 			const srcExt = src.split('.').slice(1).pop();
 			const altFilename = alt.split('/').pop();
 			const altExt = altFilename.split('.').slice(1).pop();
+
 			imageEl.wrap('<a href="' + src + '" ' +
-				(!srcExt && altExt ? ' download="' + altFilename + '" ' : '') +
+				(!srcExt && altExt ? ' download="' + utils.escapeHTML(altFilename) + '" ' : '') +
 				' target="_blank" rel="noopener">');
 		}
 	};