github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-13 12:03:45 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Escape email text for posts containing [details].

Browse Source
This commit is contained in:
Bianca Nenciu 2019-06-26 16:27:56 +03:00 committed by Gerhard Schlager
parent 2c26998f86
commit 3503271959
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/discourse-details/plugin.rb
View File

@ -37,7 +37,7 @@ after_initialize do
link = fragment.document.create_element("a")
link["href"] = post.url if post
link.content = I18n.t("details.excerpt_details")
el.replace text + " " + link.to_html
el.replace CGI.escapeHTML(text) + " " + link.to_html
end
end