escape username in users table

4 years ago · 520ac76022
2 changed files with 8 additions and 3 deletions
--- a/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts
+++ b/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts
@ -23,5 +23,8 @@ export function interpolate(text: string, params: string[]) {
 }

 export function escapeHtmlChars(value: string) {
-  return value && value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+  return (
+    value &&
+    value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;')
+  );
 }
--- a/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts
+++ b/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts
@ -1,4 +1,4 @@
-import { LocalizationService } from '@abp/ng.core';
+import { escapeHtmlChars, LocalizationService } from '@abp/ng.core';
 import { IdentityUserDto } from '@abp/ng.identity/proxy';
 import { EntityProp, ePropType } from '@abp/ng.theme.shared/extensions';
 import { of } from 'rxjs';
@ -21,7 +21,9 @@ export const DEFAULT_USERS_ENTITY_PROPS = EntityProp.createMany<IdentityUserDto>
      return of(
        `
        ${!data.record.isActive ? inactiveIcon : ''}
-        <span class="${!data.record.isActive ? 'text-muted' : ''}">${data.record.userName}</span>`,
+        <span class="${!data.record.isActive ? 'text-muted' : ''}">${escapeHtmlChars(
+          data.record.userName,
+        )}</span>`,
      );
    },
  },