From ed9dc113b01313ac33f2df1b79db01ac955ecd2e Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Fri, 10 Aug 2018 15:01:45 -0400
Subject: [PATCH] sanitizing notes in flags details page, fixes #6698
---
 src/flags.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/flags.js b/src/flags.js
index 238bd7f204..0f056fa295 100644
--- a/src/flags.js
+++ b/src/flags.js
@@ -99,7 +99,10 @@ Flags.get = function (flagId, callback) {
 target_readable: data.base.type.charAt(0).toUpperCase() + data.base.type.slice(1) + ' ' + data.base.targetId,
 target: payload.targetObj,
 history: data.history,
- notes: data.notes,
+ notes: data.notes.map((note) => {
+ note.content = validator.escape(note.content);
+ return note;
+ }),
 reporter: payload.userObj,
 }));
 });
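Review bot: The new `map` callback escapes by assigning to `note.content` on the objects already held in `data.notes`, so if those objects are ever reused or passed through this mapping a second time the content is double-escaped (`&amp;amp;`). `validator.escape` also throws on non-string input, so a note with a missing or non-string `content` would make `Flags.get` fail instead of returning the flag. Returning a copy with a coerced value avoids both: `notes: data.notes.map(note => Object.assign({}, note, { content: validator.escape(String(note.content || '')) })),`. The patch adds no `require` line, so `validator` is presumably already in scope at the top of `src/flags.js`, which is worth confirming. The escaping covers only this read path; `Flags.get` continues outside the hunk, and any other code that returns note content to the client is not visible here and would need the same treatment.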