From 520ac760229c6410a9e5b3c6e1b091e4717813e7 Mon Sep 17 00:00:00 2001
From: mehmet-erim <bilgi@mehmeterim.com>
Date: Tue, 11 Jan 2022 15:56:07 +0300
Subject: [PATCH] escape username in users table

---
 npm/ng-packs/packages/core/src/lib/utils/string-utils.ts    | 5 ++++-
 .../identity/src/lib/defaults/default-users-entity-props.ts | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts b/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts
index da8a1b9885..056c355b1c 100644
--- a/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts
+++ b/npm/ng-packs/packages/core/src/lib/utils/string-utils.ts
@@ -23,5 +23,8 @@ export function interpolate(text: string, params: string[]) {
 }
 
 export function escapeHtmlChars(value: string) {
-  return value && value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+  return (
+    value &&
+    value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;')
+  );
 }
diff --git a/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts b/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts
index cfd9d57c5b..407d92662b 100644
--- a/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts
+++ b/npm/ng-packs/packages/identity/src/lib/defaults/default-users-entity-props.ts
@@ -1,4 +1,4 @@
-import { LocalizationService } from '@abp/ng.core';
+import { escapeHtmlChars, LocalizationService } from '@abp/ng.core';
 import { IdentityUserDto } from '@abp/ng.identity/proxy';
 import { EntityProp, ePropType } from '@abp/ng.theme.shared/extensions';
 import { of } from 'rxjs';
@@ -21,7 +21,9 @@ export const DEFAULT_USERS_ENTITY_PROPS = EntityProp.createMany<IdentityUserDto>
       return of(
         `
         ${!data.record.isActive ? inactiveIcon : ''}
-        <span class="${!data.record.isActive ? 'text-muted' : ''}">${data.record.userName}</span>`,
+        <span class="${!data.record.isActive ? 'text-muted' : ''}">${escapeHtmlChars(
+          data.record.userName,
+        )}</span>`,
       );
     },
   },