fix(security): fixing possible xss issue in parsed objects

Fixes #1106

Author: lirantal

modules/core/server/controllers/core.server.controller.js

@@ -1,11 +1,29 @@
 'use strict';
 
+var validator = require('validator');
+
 /**
  * Render the main application page
  */
 exports.renderIndex = function (req, res) {
+
+  var safeUserObject = null;
+  if (req.user) {
+    safeUserObject = {
+      displayName: validator.escape(req.user.displayName),
+      provider: validator.escape(req.user.provider),
+      username: validator.escape(req.user.username),
+      created: req.user.created.toString(),
+      roles: req.user.roles,
+      profileImageURL: validator.escape(req.user.profileImageURL),
+      email: validator.escape(req.user.email),
+      lastName: validator.escape(req.user.lastName),
+      firstName: validator.escape(req.user.firstName)
+    };
+  }
+
   res.render('modules/core/server/views/index', {
-    user: req.user || null
+    user: safeUserObject
   });
 };