fix(users): Profile image path is invalid after escaping

Removes the validator.escape on the profileImageUrl field in core server controller. The escaping was causing the profileImageUrl field to be an invalid path for the image. We don't need to worry about xss vulnerabilities on this field because no user input is provided; the name & path are generated by the application logic. Fixes #1127
meanjs · Jan 15, 2016 · f88f28e · f88f28e
1 parent 039d9de
commit f88f28e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/core/server/controllers/core.server.controller.js b/modules/core/server/controllers/core.server.controller.js
@@ -15,7 +15,7 @@ exports.renderIndex = function (req, res) {
       username: validator.escape(req.user.username),
       created: req.user.created.toString(),
       roles: req.user.roles,
-      profileImageURL: validator.escape(req.user.profileImageURL),
+      profileImageURL: req.user.profileImageURL,
       email: validator.escape(req.user.email),
       lastName: validator.escape(req.user.lastName),
       firstName: validator.escape(req.user.firstName)