From 9f7e64eead0654f784afb451bca87e2647cf15d9 Mon Sep 17 00:00:00 2001
From: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Date: Mon, 21 Jan 2019 13:08:26 +0100
Subject: [PATCH] SECURITY: fix possible XSS with badges (#6912)

---
 app/assets/javascripts/admin/templates/user-badges.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/javascripts/admin/templates/user-badges.hbs b/app/assets/javascripts/admin/templates/user-badges.hbs
index 2f5ce5b25e..92e4403fe1 100644
--- a/app/assets/javascripts/admin/templates/user-badges.hbs
+++ b/app/assets/javascripts/admin/templates/user-badges.hbs
@@ -16,7 +16,7 @@
     <form class="form-horizontal">
       <div>
       <label>{{i18n 'admin.badges.badge'}}</label>
-      {{combo-box filterable=true value=selectedBadgeId content=grantableBadges}}
+      {{combo-box forceEscape=true filterable=true value=selectedBadgeId content=grantableBadges}}
       </div>
       <div>
       <label>{{i18n 'admin.badges.reason'}}</label>