escape on the way out, fixes birthday/age calculation

src/controllers/accounts.js

@@ -89,10 +89,17 @@ function getUserDataByUserSlug(userslug, callerUID, callback) {
 			userData.profile_links = results.profile_links;
 			userData.status = require('../socket.io').isUserOnline(userData.uid) ? (userData.status || 'online') : 'offline';
 			userData.banned = parseInt(userData.banned, 10) === 1;
-			userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), '');
+			userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
 			userData.followingCount = parseInt(userData.followingCount, 10) || 0;
 			userData.followerCount = parseInt(userData.followerCount, 10) || 0;
 
+			userData.username = validator.escape(userData.username);
+			userData.email = validator.escape(userData.email);
+			userData.fullname = validator.escape(userData.fullname);
+			userData.websiteName = validator.escape(userData.websiteName);
+			userData.location = validator.escape(userData.location);
+			userData.signature = validator.escape(userData.signature);
+
 			callback(null, userData);
 		});
 	});

src/user/profile.js

@@ -111,7 +111,6 @@ module.exports = function(User) {
 				}
 
 				data[field] = data[field].trim();
-				data[field] = validator.escape(data[field]);
 
 				if (field === 'email') {
 					return updateEmail(uid, data.email, next);
@@ -122,8 +121,8 @@ module.exports = function(User) {
 				} else if (field === 'signature') {
 					data[field] = S(data[field]).stripTags().s;
 				} else if (field === 'website') {
-					if (!data[field].startsWith(validator.escape('http://')) && !data[field].startsWith(validator.escape('https://'))) {
-						data[field] = validator.escape('http://') + data[field];
+					if (!data[field].startsWith('http://') && !data[field].startsWith('https://')) {
+						data[field] = 'http://' + data[field];
 					}
 				}