Fix HTML escaping for user color attribute

NellowTCS · web-flow · commit 8222c138ab4d · 2025-10-14T11:04:22.000-06:00
diff --git a/Build/src/privateMessages.js b/Build/src/privateMessages.js
@@ -269,7 +269,7 @@ export class PrivateMessageManager {
       return `
         <div class="msg">
           <span class="time">[${this.escapeHTML(date)}]</span>
-          <span class="user" style="color:${this.escapeHTML(color)}">&lt;${this.escapeHTML(msg.from)}&gt;</span>
+          <span class="user" style="color:${this.escapeAttr(color)}">&lt;${this.escapeHTML(msg.from)}&gt;</span>
           <span class="text">${processedText}</span>
         </div>
       `;
@@ -346,4 +346,4 @@ export class PrivateMessageManager {
     }
     return conversations;
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -269,7 +269,7 @@ export class PrivateMessageManager {`
`269`	`269`	return `
`270`	`270`	`<div class="msg">`
`271`	`271`	`<span class="time">[${this.escapeHTML(date)}]</span>`
`272`		`- <span class="user" style="color:${this.escapeHTML(color)}"><${this.escapeHTML(msg.from)}></span>`
	`272`	`+ <span class="user" style="color:${this.escapeAttr(color)}"><${this.escapeHTML(msg.from)}></span>`
`273`	`273`	`<span class="text">${processedText}</span>`
`274`	`274`	`</div>`
`275`	`275`	`;
`@@ -346,4 +346,4 @@ export class PrivateMessageManager {`
`346`	`346`	`}`
`347`	`347`	`return conversations;`
`348`	`348`	`}`
`349`		`-}`
	`349`	`+}`