diff --git a/app/ui-message/client/message.js b/app/ui-message/client/message.js
index 97d400f6b2fb..4fc1e7a93a4d 100644
--- a/app/ui-message/client/message.js
+++ b/app/ui-message/client/message.js
@@ -1,4 +1,5 @@
 import _ from 'underscore';
+import s from 'underscore.string';
 import { Blaze } from 'meteor/blaze';
 import { Meteor } from 'meteor/meteor';
 import { Tracker } from 'meteor/tracker';
@@ -78,6 +79,7 @@ const renderBody = (msg, settings) => {
 } else if (messageType.template) {
 // render template
 } else if (messageType.message) {
+ msg.msg = s.escapeHTML(msg.msg);
 msg = TAPi18n.__(messageType.message, { ...typeof messageType.data === 'function' && messageType.data(msg) });
 } else if (msg.u && msg.u.username === settings.Chatops_Username) {
 msg.html = msg.msg;
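Review bot: The added `msg.msg = s.escapeHTML(msg.msg);` in the `messageType.message` branch of `renderBody` writes the escaped text back onto the caller's message object, so if the same object reaches `renderBody` again (on a re-render, say; the callers are not visible here) the text would be escaped twice and display as `&amp;lt;`. Passing an escaped copy keeps the fix without the side effect: `const escaped = { ...msg, msg: s.escapeHTML(msg.msg) };` and then `messageType.data(escaped)`. The escape also covers only `msg.msg`; any other field a `data` callback returns (a user name, for instance) is interpolated into the translated string unescaped unless the callback handles it itself, which should be confirmed in the message-type definitions outside this diff. `renderBody` starts and ends outside the hunk.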