From 44b1d55ebb486e2e3bcb43fb3091f4df25b813e7 Mon Sep 17 00:00:00 2001
From: Jonathan Rainville <rainville.jonathan@gmail.com>
Date: Thu, 5 Nov 2020 15:11:59 -0500
Subject: [PATCH] fix: XSS filter channel names in case a bad one had been
 submitted

---
 ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml b/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
index f0370a8835..0035d0e9c6 100644
--- a/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
+++ b/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
@@ -64,7 +64,9 @@ Rectangle {
 
     StyledText {
         id: contactInfo
-        text: wrapper.chatType !== Constants.chatTypePublic ? Emoji.parse(Utils.removeStatusEns(wrapper.name), "26x26") : "#" + wrapper.name
+        text: wrapper.chatType !== Constants.chatTypePublic ?
+                  Emoji.parse(Utils.removeStatusEns(Utils.filterXSS(wrapper.name)), "26x26") :
+                  "#" + Utils.filterXSS(wrapper.name)
         anchors.right: contactTime.left
         anchors.rightMargin: Style.current.smallPadding
         elide: Text.ElideRight