From 294171b07266706ac78850be8b85b3d27e332424 Mon Sep 17 00:00:00 2001
From: psychobunny
Date: Mon, 21 Mar 2016 08:58:59 -0400
Subject: [PATCH] fixes potential XSS in usercard
---
 src/posts/user.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/posts/user.js b/src/posts/user.js
index 0d41397960..cd675cbfa3 100644
--- a/src/posts/user.js
+++ b/src/posts/user.js
@@ -1,6 +1,7 @@
 'use strict';
 var async = require('async'),
+ validator = require('validator'),
 db = require('../database'),
 user = require('../user'),
@@ -69,6 +70,8 @@ module.exports = function(Posts) {
 userData.picture = userData.picture || '';
 userData.status = user.getStatus(userData);
 userData.groupTitle = results.groupTitles[i].groupTitle;
+ userData.signature = validator.escape(userData.signature || '');
+ userData.fullname = validator.escape(userData.fullname || '');
 });
 async.map(userData, function(userData, next) {
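Review bot: In the second hunk only `signature` and `fullname` are escaped, while `userData.picture` and `userData.groupTitle`, set just above in the same callback, are handed on as-is; nothing visible here shows whether those are sanitised upstream, so that should be confirmed before treating the usercard as fixed. If `groupTitle` turns out not to be escaped where it is produced, the same treatment would apply: `userData.groupTitle = validator.escape(results.groupTitles[i].groupTitle || '');`. Because the escaping happens when the data is loaded rather than where it is rendered, a short comment such as `// HTML-escaped here; confirm the templates do not escape these fields again` would guard against double-escaping or accidental removal later. The `forEach` callback begins above the hunk and the `async.map` call that follows continues past it, so any later processing of `signature` cannot be checked from here.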