From 248e860757e30282320cc5ca9c045b67b424edbc Mon Sep 17 00:00:00 2001
From: Alf Eaton <75253002+aeaton-overleaf@users.noreply.github.com>
Date: Thu, 4 Mar 2021 11:31:21 +0000
Subject: [PATCH] Merge pull request #3721 from overleaf/as-fix-register-xss

Prevent XSS on registration page

GitOrigin-RevId: 93e5a345752c3c5c42f488d9c75c70a9036bf53c
---
 services/web/app/views/user/register.pug | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/web/app/views/user/register.pug b/services/web/app/views/user/register.pug
index c89f44c7f1..16a2b2e4f2 100644
--- a/services/web/app/views/user/register.pug
+++ b/services/web/app/views/user/register.pug
@@ -6,7 +6,7 @@ block content
 			.row
 				.registration_message
 					if sharedProjectData.user_first_name !== undefined
-						h1  #{translate("user_wants_you_to_see_project", {username:sharedProjectData.user_first_name, projectname:""})}
+						h1(ng-non-bindable) #{translate("user_wants_you_to_see_project", {username:sharedProjectData.user_first_name, projectname:""})}
 							em(ng-non-bindable) #{sharedProjectData.project_name}
 						div
 							| #{translate("join_sl_to_view_project")}.