Security: Social: Remove XSS when displaying group messages

Author: AngelFQC

main/inc/lib/message.lib.php

@@ -1941,7 +1941,9 @@ public static function display_message_for_group($groupId, $topic_id)
         $main_content .= '<div class="message-content"> ';
         $main_content .= '<div class="username">'.$user_link.'</div>';
         $main_content .= $date;
-        $main_content .= '<div class="message">'.$main_message['content'].$attachment.'</div></div>';
+        $main_content .= '<div class="message">'
+            .Security::remove_XSS($main_message['content'], STUDENT, true)
+            .$attachment.'</div></div>';
         $main_content .= '</div>';
         $main_content .= '</div>';