Add missing HTML encoding

diff --git a/wcfsetup/install/files/lib/data/user/UserProfile.class.php b/wcfsetup/install/files/lib/data/user/UserProfile.class.php
index 187c5fa518770f8cdc053bebe78553960cb9ef3d..ca900ed7d6a73d10e07f9fd7a02488463abccf88 100644 (file)
--- a/wcfsetup/install/files/lib/data/user/UserProfile.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserProfile.class.php
@@ -811,6 +811,6 @@ class UserProfile extends DatabaseObjectDecorator implements IBreadcrumbProvider
        public function getAnchorTag() {
                $link = LinkHandler::getInstance()->getLink('User', array('object' => $this->getDecoratedObject()));
                
-               return '<a href="'.$link.'" class="userLink" data-user-id="'.$this->userID.'">'.$this->username.'</a>';
+               return '<a href="'.$link.'" class="userLink" data-user-id="'.$this->userID.'">'.StringUtil::encodeHtml($this->username).'</a>';
        }
 }