From f88f28e0358060a4523fc5397f357f38171e8b0b Mon Sep 17 00:00:00 2001
From: mleanos
Date: Fri, 15 Jan 2016 12:39:17 -0800
Subject: [PATCH] fix(users): Profile image path is invalid after escaping Removes the validator.escape on the profileImageUrl field in core server controller. The escaping was causing the profileImageUrl field to be an invalid path for the image. We don't need to worry about xss vulnerabilities on this field because no user input is provided; the name & path are generated by the application logic. Fixes #1127
---
 modules/core/server/controllers/core.server.controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/core/server/controllers/core.server.controller.js b/modules/core/server/controllers/core.server.controller.js
index c3aee46d65..f470293537 100644
--- a/modules/core/server/controllers/core.server.controller.js
+++ b/modules/core/server/controllers/core.server.controller.js
@@ -15,7 +15,7 @@ exports.renderIndex = function (req, res) {
 username: validator.escape(req.user.username),
 created: req.user.created.toString(),
 roles: req.user.roles,
- profileImageURL: validator.escape(req.user.profileImageURL),
+ profileImageURL: req.user.profileImageURL,
 email: validator.escape(req.user.email),
 lastName: validator.escape(req.user.lastName),
 firstName: validator.escape(req.user.firstName)
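Review bot: The new line `profileImageURL: req.user.profileImageURL,` passes a stored field through unescaped on the strength of the commit message's claim that it is never user-supplied, and nothing in this hunk enforces that claim. If any write path outside this file can set the field (for example a profile-update handler that copies request-body fields onto the user document, or profile data from an external identity provider), the raw value reaches whatever `renderIndex` renders. Those write sites should be checked, and the field validated as an expected image path or URL at the point it is stored. The assumption should also be recorded next to the line, e.g. `// Not escaped: profileImageURL must only be set by server-side upload logic, never from request data`. `renderIndex` starts and ends outside the hunk, so how this object is embedded in the response is not visible here.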