escape username in users table

npm/ng-packs/packages/core/src/lib/utils/string-utils.ts

@@ -23,5 +23,8 @@ export function interpolate(text: string, params: string[]) {
 }
 
 export function escapeHtmlChars(value: string) {
-  return value && value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+  return (
+    value &&
+    value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;')
+  );
 }

npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts

@@ -1,4 +1,4 @@
-import { LocalizationService } from '@abp/ng.core';
+import { escapeHtmlChars, LocalizationService } from '@abp/ng.core';
 import { IdentityUserDto } from '@abp/ng.identity/proxy';
 import { EntityProp, ePropType } from '@abp/ng.theme.shared/extensions';
 import { of } from 'rxjs';
@@ -21,7 +21,9 @@ export const DEFAULT_USERS_ENTITY_PROPS = EntityProp.createMany<IdentityUserDto>
       return of(
         `
         ${!data.record.isActive ? inactiveIcon : ''}
-        <span class="${!data.record.isActive ? 'text-muted' : ''}">${data.record.userName}</span>`,
+        <span class="${!data.record.isActive ? 'text-muted' : ''}">${escapeHtmlChars(
+          data.record.userName,
+        )}</span>`,
       );
     },
   },