From e44d29a04d92ebdb96498e788d18f487679486f2 Mon Sep 17 00:00:00 2001
From: Peter Wilson <519727+peterwilsoncc@users.noreply.github.com>
Date: Mon, 6 Nov 2023 08:09:33 +1100
Subject: [PATCH] Escape URL for display.

---
 includes/class-simple-local-avatars.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/class-simple-local-avatars.php b/includes/class-simple-local-avatars.php
index d796379c..09cf948a 100644
--- a/includes/class-simple-local-avatars.php
+++ b/includes/class-simple-local-avatars.php
@@ -386,7 +386,7 @@ public function get_simple_local_avatar_url( $id_or_email, $size ) {
 		$url = apply_filters( 'pre_simple_local_avatar_url', null, $user_id, $size, $local_avatars );
 
 		if ( is_string( $url ) ) {
-			return $url;
+			return esc_url( $url );
 		}
 
 		// handle "real" media