From b65f2818423de8d6809e9a0e7b73f93a0fd5f710 Mon Sep 17 00:00:00 2001
From: Kris <kris.aubuchon@discourse.org>
Date: Tue, 5 Dec 2023 15:48:13 -0500
Subject: [PATCH] FIX: escape category description text (#24724)

---
 app/assets/javascripts/discourse/app/helpers/category-link.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/javascripts/discourse/app/helpers/category-link.js b/app/assets/javascripts/discourse/app/helpers/category-link.js
index 28029ea571f..35b0418d1ec 100644
--- a/app/assets/javascripts/discourse/app/helpers/category-link.js
+++ b/app/assets/javascripts/discourse/app/helpers/category-link.js
@@ -103,7 +103,7 @@ function buildTopicCount(count) {
 }
 
 export function defaultCategoryLinkRenderer(category, opts) {
-  let descriptionText = get(category, "description_text");
+  let descriptionText = escapeExpression(get(category, "description_text"));
   let restricted = get(category, "read_restricted");
   let url = opts.url
     ? opts.url