From 446b125c835dc508553a9aab89d0d33a6affdac7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <baris@nodebb.org>
Date: Tue, 4 Sep 2018 10:59:48 -0400
Subject: [PATCH] escape post content

---
 src/controllers/admin/postqueue.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/controllers/admin/postqueue.js b/src/controllers/admin/postqueue.js
index 0105445a90..1812d70e95 100644
--- a/src/controllers/admin/postqueue.js
+++ b/src/controllers/admin/postqueue.js
@@ -81,7 +81,7 @@ function getQueuedPosts(ids, callback) {
 			});
 
 			async.map(postData, function (postData, next) {
-				postData.data.rawContent = postData.data.content;
+				postData.data.rawContent = validator.escape(String(postData.data.content));
 				postData.data.title = validator.escape(String(postData.data.title));
 				async.waterfall([
 					function (next) {