sanitizing correctly

author: Jules Laplace <julescarbon@gmail.com> 2018-01-01 19:13:02 +0100
committer: Jules Laplace <julescarbon@gmail.com> 2018-01-01 19:13:02 +0100
commit: 9a55d9dc59c12e7f2453948b04d017de4e329fff (patch)
tree: f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/profile/profile_edit.js
parent: 7176250d674711c86e69984766b603e4e54dc201 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/public/assets/js/lib/views/profile/profile_edit.js b/public/assets/js/lib/views/profile/profile_edit.js
index e50a7c0..d3656c4 100644
--- a/public/assets/js/lib/views/profile/profile_edit.js
+++ b/public/assets/js/lib/views/profile/profile_edit.js
@@ -18,12 +18,12 @@ var ProfileForm = FormView.extend({
   load: function(username){
     this.action = "/api/user/" + username;
     "realname location email phone website twitter".split(" ").forEach((field) => {
-      this.$('[name=' + field + ']').val( sanitize(auth.user[field]) )
+      this.$('[name=' + field + ']').val( auth.user[field] )
     })
     if (! auth.user.avatar) {
       $("#profile-avatar-embed").hide()
     } else {
-      $("#profile-avatar-embed").attr("src", sanitize(auth.user.avatar))
+      $("#profile-avatar-embed").attr("src", sanitizeHTML(auth.user.avatar))
     }
     $("body").removeClass('loading')
   },
author	Jules Laplace <julescarbon@gmail.com>	2018-01-01 19:13:02 +0100
committer	Jules Laplace <julescarbon@gmail.com>	2018-01-01 19:13:02 +0100
commit	9a55d9dc59c12e7f2453948b04d017de4e329fff (patch)
tree	f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/profile/profile_edit.js
parent	7176250d674711c86e69984766b603e4e54dc201 (diff)