fix: Update profile page to use JSON.stringify for username to preven…

…t XSS Modified the EJS template to use JSON.stringify for embedding the username to prevent cross-site scripting (XSS) vulnerabilities.
tridecco · Aug 6, 2024 · 9952175 · 9952175
1 parent 0f115d2
commit 9952175
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/views/pages/users/profile.ejs b/views/pages/users/profile.ejs
@@ -86,7 +86,7 @@
         // Add event listener to window load
         window.addEventListener("DOMContentLoaded", async () => {
             // Set the username
-            const username = encodeURIComponent("<%- username %>");
+            const username = "<%= JSON.stringify(username) %>";
 
             // New users instance
             const users = new Users(username);