diff --git a/api/models/profile/TwoFactorAuthForm.php b/api/models/profile/TwoFactorAuthForm.php index 1f2b47f..f78b00c 100644 --- a/api/models/profile/TwoFactorAuthForm.php +++ b/api/models/profile/TwoFactorAuthForm.php @@ -63,7 +63,7 @@ class TwoFactorAuthForm extends ApiForm { $provisioningUri = $this->getTotp()->getProvisioningUri(); return [ - 'qr' => 'data:image/svg+xml,' . htmlspecialchars(trim($this->drawQrCode($provisioningUri))), + 'qr' => 'data:image/svg+xml,' . trim($this->drawQrCode($provisioningUri)), 'uri' => $provisioningUri, 'secret' => $this->account->otp_secret, ]; diff --git a/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php b/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php index 36435f1..6e8837d 100644 --- a/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php +++ b/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php @@ -44,7 +44,7 @@ class TwoFactorAuthFormTest extends TestCase { $this->assertArrayHasKey('secret', $result); $this->assertNotNull($account->otp_secret); $this->assertEquals($account->otp_secret, $result['secret']); - $this->assertEquals('data:image/svg+xml,<_/>', $result['qr']); + $this->assertEquals('data:image/svg+xml,<_/>', $result['qr']); /** @var Account|\PHPUnit_Framework_MockObject_MockObject $account */ $account = $this->getMockBuilder(Account::class)