Escape html names everywhere (#417)

src/directives/contact_badge.ts

@@ -60,7 +60,7 @@ export default [
                                     eee-resolution="'low'"></eee-avatar>
                     </section>
                     <div class="receiver-badge-name"
-                        ng-bind-html="ctrl.contactReceiver.displayName | emojify">
+                        ng-bind-html="ctrl.contactReceiver.displayName | escapeHtml | emojify">
                     </div>
                     <div class="contact-badge-identity">
                         {{ctrl.contactReceiver.id}}

src/directives/distribution_list_badge.ts

@@ -45,7 +45,8 @@ export default [
                                     eee-receiver="ctrl.distributionListReceiver"
                                     eee-resolution="'low'"></eee-avatar>
                     </section>
-                    <div class="receiver-badge-name" ng-bind-html="ctrl.distributionListReceiver.displayName | emojify">
+                    <div class="receiver-badge-name"
+                        ng-bind-html="ctrl.distributionListReceiver.displayName | escapeHtml | emojify">
                     </div>
 
                 </div>

src/directives/group_badge.ts

@@ -63,7 +63,8 @@ export default [
                                     eee-receiver="ctrl.groupReceiver"
                                     eee-resolution="'low'"></eee-avatar>
                     </section>
-                    <div class="receiver-badge-name" ng-bind-html="ctrl.groupReceiver.displayName | emojify">
+                    <div class="receiver-badge-name"
+                        ng-bind-html="ctrl.groupReceiver.displayName | escapeHtml | emojify">
                     </div>
                     <div class="receiver-role" ng-if="ctrl.showRoleIcon" title="{{ctrl.roleLabel}}">
                         <md-icon aria-label="{{ctrl.roleLabel}}"  class="material-icons md-24">

src/directives/message_contact.ts

@@ -26,7 +26,7 @@ export default [
             template: `
                 <span class="message-name"
                     ng-style="colored && {'color': contact.color}"
-                       ng-bind-html="contact.displayName | emojify">
+                       ng-bind-html="contact.displayName | escapeHtml | emojify">
                 </span>
             `,
         };

src/directives/message_quote.ts

@@ -35,7 +35,7 @@ export default [
             template: `
                 <div class="message-quote-content" ng-style="{'border-color': ctrl.contact().color}">
                     <span class="message-name" ng-style="{'color': ctrl.contact().color}"
-                        ng-bind-html="ctrl.contact().displayName | emojify"></span>
+                        ng-bind-html="ctrl.contact().displayName | escapeHtml | emojify"></span>
                     <span class="message-quote" ng-bind-html="ctrl.quote.text | escapeHtml | markify | emojify | linkify | mentionify | nlToBr"></span>
                 </div>
             `,

src/partials/messenger.conversation.html

@@ -11,14 +11,15 @@
                         eee-resolution="'low'"></eee-avatar>
         </div>
         <div class="header-details" ng-click="ctrl.showReceiver()">
-            <div class="conversation-header-details-name" ng-bind-html="ctrl.receiver.displayName | escapeHtml | emojify"></div>
+            <div class="conversation-header-details-name"
+                 ng-bind-html="ctrl.receiver.displayName | escapeHtml | emojify"></div>
             <div class="conversation-header-details-detail" ng-if="ctrl.type == 'contact'">
             <eee-verification-level ng-if="ctrl.type == 'contact'"
                                     contact="ctrl.receiver"></eee-verification-level>
             </div>
             <div class="conversation-header-details-detail" ng-if="ctrl.type == 'group'"
-                 title="{{ ctrl.receiver.members | idsToNames }}">
-                <span ng-bind-html="ctrl.receiver.members | idsToNames | emojify"></span>
+                 title="{{ ctrl.receiver.members | idsToNames | escapeHtml }}">
+                <span ng-bind-html="ctrl.receiver.members | idsToNames | escapeHtml | emojify"></span>
             </div>
         </div>
     </div>