SECURITY: escape cat name (#14154)

SECURITY: escape cat name (#14154)

diff --git a/app/assets/javascripts/discourse/app/models/category.js b/app/assets/javascripts/discourse/app/models/category.js
index 940bb5b..2fe8ea5 100644
--- a/app/assets/javascripts/discourse/app/models/category.js
+++ b/app/assets/javascripts/discourse/app/models/category.js
@@ -8,6 +8,7 @@ import { ajax } from "discourse/lib/ajax";
 import { get } from "@ember/object";
 import { getOwner } from "discourse-common/lib/get-owner";
 import getURL from "discourse-common/lib/get-url";
+import { escapeExpression } from "discourse/lib/utilities";
 
 const STAFF_GROUP_NAME = "staff";
 
@@ -56,6 +57,11 @@ const Category = RestModel.extend({
     return { type: "category", id, category: this };
   },
 
+  @discourseComputed("name")
+  escapeName(name) {
+    return escapeExpression(name);
+  },
+
   @discourseComputed("parentCategory.ancestors")
   ancestors(parentAncestors) {
     return [...(parentAncestors || []), this];
diff --git a/app/assets/javascripts/discourse/app/templates/components/category-title-link.hbs b/app/assets/javascripts/discourse/app/templates/components/category-title-link.hbs
index 43cec19..3f7ad86 100644
--- a/app/assets/javascripts/discourse/app/templates/components/category-title-link.hbs
+++ b/app/assets/javascripts/discourse/app/templates/components/category-title-link.hbs
@@ -4,7 +4,7 @@
     {{#if category.read_restricted}}
       {{d-icon lockIcon}}
     {{/if}}
-    <span class="category-name">{{dir-span category.name}}</span>
+    <span class="category-name">{{dir-span category.escapeName}}</span>
   </div>
   {{#if category.uploaded_logo.url}}
     {{cdn-img

GitHub sha: 75b0d6df93e1fd99a87195487b0de12533ec909f

This commit appears in #14154 which was approved by martin. It was merged by blake.