From c7de4c3e4c16c297b4890a06924568a23b5d6e6e Mon Sep 17 00:00:00 2001
From: fede
Date: Fri, 26 Dec 2025 16:48:50 -0300
Subject: [PATCH 1/2] elimino el < para que no se haga xss
---
 src/lib/components/CardPerfil.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/components/CardPerfil.svelte b/src/lib/components/CardPerfil.svelte
index d36a517..71196fc 100644
--- a/src/lib/components/CardPerfil.svelte
+++ b/src/lib/components/CardPerfil.svelte
@@ -92,7 +92,7 @@ {#if usu.bio}

- {usu.bio.replaceAll('\n', '
')}
+ {usu.bio.replaceAll('<', '')}

{/if}
From 09539b20f63e1a78b4c77199429f9f686da1f672 Mon Sep 17 00:00:00 2001
From: fede
Date: Fri, 26 Dec 2025 16:53:51 -0300
Subject: [PATCH 2/2] correjido otro xss
---
 src/lib/components/PostCard.svelte | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/lib/components/PostCard.svelte b/src/lib/components/PostCard.svelte
index 5a48e3c..cdc1dc0 100644
--- a/src/lib/components/PostCard.svelte
+++ b/src/lib/components/PostCard.svelte
@@ -46,6 +46,7 @@ let contenido = $derived(() => {
 let t = post.content.replaceAll('\n', '
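Review bot: The added `{usu.bio.replaceAll('<', '')}` in CardPerfil.svelte deletes every `<` from the bio and drops the newline handling the removed line had, yet as shown it is a plain `{...}` interpolation, which Svelte already HTML-escapes, so the strip appears to add no XSS protection at this sink. If no `{@html}` is involved (the wrapper markup around this line is not visible here), I would render `{usu.bio}` unchanged and keep line breaks with `white-space: pre-line` on the wrapping element. If the bio does reach an `{@html}` sink elsewhere, removing one character is not an output encoder; encode `&`, `<`, `>`, `"` and `'` as entities at that sink instead.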
');
+ t = post.content.replaceAll('<', '');
 t = t.replace( /#\p{L}*/u, (match) =>
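Review bot: The added `t = post.content.replaceAll('<', '');` reads from `post.content` again, so it overwrites `t` and discards the newline replacement made on the line above; chaining from `t` instead would not help either, because the strip would then also hit any markup that replacement inserted. The sanitising step has to run first, on the raw content, e.g. `let t = escapeHtml(post.content);` followed by the existing newline replacement applied to `t`, where `escapeHtml` is a small helper (to be added) that maps `&`, `<`, `>`, `"` and `'` to entities. Encoding rather than deleting keeps posts that legitimately contain `<` readable, and it also covers quotes, which matters if the hashtag replacement below builds an attribute and the result is rendered through `{@html}` — neither is visible in this hunk. The `$derived` callback starts and ends outside the hunk.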