From e1473bcc2dc39ee86d094ffedd7626dc1f72815e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Sun, 7 May 2023 19:00:21 -0400
Subject: [PATCH] fix: strip html tags from browser title

---
 src/middleware/render.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/middleware/render.js b/src/middleware/render.js
index 7a06b67c6c..223d556150 100644
--- a/src/middleware/render.js
+++ b/src/middleware/render.js
@@ -162,6 +162,7 @@ module.exports = function (middleware) {
 
 		templateValues.configJSON = jsesc(JSON.stringify(res.locals.config), { isScriptContext: true });
 
+		const title = translator.unescape(utils.stripHTMLTags(options.title));
 		const results = await utils.promiseParallel({
 			isAdmin: user.isAdministrator(req.uid),
 			isGlobalMod: user.isGlobalModerator(req.uid),
@@ -171,7 +172,7 @@ module.exports = function (middleware) {
 			isEmailConfirmSent: req.uid <= 0 ? false : await user.email.isValidationPending(req.uid),
 			languageDirection: translator.translate('[[language:dir]]', res.locals.config.userLang),
 			timeagoCode: languages.userTimeagoCode(res.locals.config.userLang),
-			browserTitle: translator.translate(controllersHelpers.buildTitle(translator.unescape(options.title))),
+			browserTitle: translator.translate(controllersHelpers.buildTitle(title)),
 			navigation: navigation.get(req.uid),
 			roomIds: db.getSortedSetRevRange(`uid:${req.uid}:chat:rooms`, 0, 0),
 		});