SECURITY: sanitize topic title when staff is viewing a user's past flagged posts and deleted topics

app/assets/javascripts/discourse/routes/build-admin-user-posts-route.js.es6

@@ -1,3 +1,5 @@
+import { emojiUnescape } from 'discourse/lib/text';
+
 export default function (filter) {
   return Discourse.Route.extend({
     actions: {
@@ -20,6 +22,12 @@ export default function (filter) {
       // initialize "canLoadMore"
       model.set("canLoadMore", model.get("itemsLoaded") === 60);
 
+      model.get('content').forEach((item) => {
+        if (item.get('title')) {
+          item.set('title', emojiUnescape(Handlebars.Utils.escapeExpression(item.title)));
+        }
+      });
+
       this.controllerFor("user-posts").set("model", model);
     },