From 5b9c4f48724c8a8eb9556719239be996366fd005 Mon Sep 17 00:00:00 2001
From: Mike Greiling <mike@pixelcog.com>
Date: Wed, 23 Nov 2016 17:31:35 -0600
Subject: [PATCH] properly escape username validation error message flash

---
 app/views/profiles/update_username.js.haml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/views/profiles/update_username.js.haml b/app/views/profiles/update_username.js.haml
index de1337a2a24..5307e0b48cb 100644
--- a/app/views/profiles/update_username.js.haml
+++ b/app/views/profiles/update_username.js.haml
@@ -2,5 +2,6 @@
   :plain
     new Flash("Username successfully changed", "notice")
 - else
+  - error = @user.errors.full_messages.first
   :plain
-    new Flash("Username change failed - #{@user.errors.full_messages.first}", "alert")
+    new Flash("Username change failed - #{escape_javascript error.html_safe}", "alert")