From 67cb70352f994d8fab3477f0d753e0dd588bab70 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 2 Sep 2022 12:30:55 -0400
Subject: [PATCH] fix: missing escape on ACP category backgroundImage property

---
 src/categories/data.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/categories/data.js b/src/categories/data.js
index d50e7e1a0b..4568d4850d 100644
--- a/src/categories/data.js
+++ b/src/categories/data.js
@@ -86,7 +86,7 @@ function modifyCategory(category, fields) {
 
 	db.parseIntFields(category, intFields, fields);
 
-	const escapeFields = ['name', 'color', 'bgColor', 'imageClass', 'class', 'link'];
+	const escapeFields = ['name', 'color', 'bgColor', 'backgroundImage', 'imageClass', 'class', 'link'];
 	escapeFields.forEach((field) => {
 		if (category.hasOwnProperty(field)) {
 			category[field] = validator.escape(String(category[field] || ''));