Use strip_tags() for error message in ajax_die() (#990)

library/ajax/edit_user_profile.php

@@ -27,7 +27,7 @@ switch ($field) {
     case 'username':
         $value = clean_username($value);
         if ($err = \TorrentPier\Validate::username($value)) {
-            $this->ajax_die(strip_tags($err));
+            $this->ajax_die($err);
         }
         $this->response['new_value'] = $this->request['value'];
         break;

library/ajax/posts.php

@@ -74,7 +74,7 @@ switch ($this->request['type']) {
 
     case 'reply':
         if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
-            $this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT']));
+            $this->ajax_die($lang['RULES_REPLY_CANNOT']);
         } elseif (!$is_auth['auth_reply']) {
             $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
         }
@@ -217,7 +217,7 @@ switch ($this->request['type']) {
         }
 
         if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
-            $this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT']));
+            $this->ajax_die($lang['RULES_REPLY_CANNOT']);
         } elseif (!$is_auth['auth_reply']) {
             $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
         }

src/Ajax.php

@@ -145,7 +145,7 @@ class Ajax
     public function ajax_die(string $error_msg, int $error_code = E_AJAX_GENERAL_ERROR)
     {
         $this->response['error_code'] = $error_code;
-        $this->response['error_msg'] = $error_msg;
+        $this->response['error_msg'] = strip_tags($error_msg);
 
         $this->send();
     }