From 9a55d9dc59c12e7f2453948b04d017de4e329fff Mon Sep 17 00:00:00 2001
From: Jules Laplace
Date: Mon, 1 Jan 2018 19:13:02 +0100
Subject: sanitizing correctly

---
 public/assets/js/lib/views/profile/profile.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'public/assets/js/lib/views/profile/profile.js')

diff --git a/public/assets/js/lib/views/profile/profile.js b/public/assets/js/lib/views/profile/profile.js
index 2254bd5..1064adb 100644
--- a/public/assets/js/lib/views/profile/profile.js
+++ b/public/assets/js/lib/views/profile/profile.js
@@ -18,7 +18,7 @@ var ProfileView = View.extend({
 populate: function(user){
 $("body").removeClass('loading')
 var $table = this.$("table")
- var username = sanitize(user.username)
+ var username = sanitizeHTML(user.username)
 var is_own_profile = (username === auth.user.username)
 if (is_own_profile) {
 $(".edit_profile a").attr("href", "/profile/" + username + "/edit")
@@ -34,27 +34,27 @@ var ProfileView = View.extend({
 ].map(pair => {
 var key = pair[0], label = pair[1]
 if (! user[key]) return;
- return [label, sanitize(user[key])]
+ return [label, sanitizeHTML(user[key])]
 })
 if (user.email) {
 fields.push([
 'Email',
- '' + sanitize(user.email) + ''
+ '' + sanitizeHTML(user.email) + ''
 ])
 }
 if (user.twitter) {
 if (user.twitter.match(/^http/)) {
 var partz = user.twitter.split('/')
 if (partz.length > 2) {
- var handle = sanitize(partz[3])
+ var handle = sanitizeHTML(partz[3])
 fields.push([
 'Twitter',
 '@' + handle + ''
 ])
 }
 } else {
- var handle = sanitize(user.twitter)
+ var handle = sanitizeHTML(user.twitter)
 fields.push([
 'Twitter',
 '@' + handle + ''
@@ -62,10 +62,10 @@ var ProfileView = View.extend({
 }
 }
 if (user.website) {
- var website = sanitize(user.website)
+ var website = sanitizeHTML(user.website)
 fields.push([
 'Website',
- '' + sanitize(website) + ''
+ '' + sanitizeHTML(website) + ''
 ])
 }
--
cgit v1.2.3-70-g09d2
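Review bot: On the new side `username` is the HTML-escaped form of `user.username`, yet two lines later it is compared with the raw `auth.user.username` and then spliced into a URL path; a username containing any character `sanitizeHTML` rewrites (for example `&`) makes `is_own_profile` false for the profile's owner and puts an entity into the edit link. Keep the raw value for the comparison and percent-encode for the path, `var is_own_profile = (user.username === auth.user.username)` and `"/profile/" + encodeURIComponent(user.username) + "/edit"`, applying `sanitizeHTML` only where the name is rendered as HTML text. The `populate` method continues past the end of this hunk.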
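Review bot: The guard `if (partz.length > 2)` does not cover the read on the following line, `sanitizeHTML(partz[3])`, which needs four segments; a value such as `http://x` splits into three, passes the check, and hands `undefined` to `sanitizeHTML`. The check should be `if (partz.length > 3)`; the rename in this commit leaves it as it was. The anchor markup around the handle has been stripped from this listing, so how the href is built is not visible; if the raw `user.twitter` value is placed in an attribute it needs attribute-context escaping as well, which is presumably not what `sanitizeHTML` guarantees. The enclosing `populate` method starts and ends outside this hunk.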
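Review bot: `website` is already the result of `sanitizeHTML(user.website)` on the line above, so `'' + sanitizeHTML(website) + ''` escapes it a second time and an `&` in the URL renders as `&amp;amp;`; drop the inner call and concatenate `website` directly. The markup around the value has been stripped from this listing; if `website` also lands in an href attribute, HTML escaping does not constrain the URL scheme, so a scheme allow-list (http/https only) is still needed at that point. This hunk is the tail of `populate`, whose body starts outside it.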