closes #526

public/templates/account.tpl

@@ -36,7 +36,7 @@
 					<br/>
 
 					<span class="account-bio-label">website</span>
-					<span><a href="{website}">{website}</a></span>
+					<span><a href="{website}">{websiteName}</a></span>
 					<br/>
 
 					<span class="account-bio-label">location</span>

src/routes/user.js

@@ -543,6 +543,8 @@ var user = require('./../user.js'),
 						else
 							data.emailClass = "hide";
 
+						data.websiteName = data.website.replace('http://', '').replace('https://', '');
+
 						data.show_banned = data.banned === '1' ? '' : 'hide';
 
 						data.uid = uid;

src/user.js

@@ -4,6 +4,8 @@ var bcrypt = require('bcrypt'),
 	nconf = require('nconf'),
 	winston = require('winston'),
 	userSearch = require('reds').createSearch('nodebbusersearch'),
+	check = require('validator').check,
+	sanitize = require('validator').sanitize,
 
 	utils = require('./../public/src/utils'),
 	RDB = require('./redis'),
@@ -13,6 +15,7 @@ var bcrypt = require('bcrypt'),
 	notifications = require('./notifications'),
 	topics = require('./topics');
 
+
 (function(User) {
 	'use strict';
 	User.create = function(username, password, email, callback) {
@@ -244,6 +247,9 @@ var bcrypt = require('bcrypt'),
 
 		function updateField(field, next) {
 			if (data[field] !== undefined && typeof data[field] === 'string') {
+				data[field] = data[field].trim();
+				data[field] = sanitize(data[field]).escape();
+
 				if (field === 'email') {
 					var gravatarpicture = User.createGravatarURLFromEmail(data[field]);
 					User.setUserField(uid, 'gravatarpicture', gravatarpicture);
@@ -265,6 +271,10 @@ var bcrypt = require('bcrypt'),
 					return;
 				} else if (field === 'signature') {
 					data[field] = utils.strip_tags(data[field]);
+				} else if (field === 'website') {
+					if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') {
+						data[field] = 'http://' + data[field];
+					}
 				}
 
 				User.setUserField(uid, field, data[field]);