github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 14:23:26 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: prevent iframe in expended quote

Browse Source
This commit is contained in:
Régis Hanol 2014-10-28 22:58:22 +01:00
parent a412c3016e
commit 38e0c6645e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/discourse/views/post_view.js
View File

@ -126,7 +126,9 @@ Discourse.PostView = Discourse.GroupedView.extend(Ember.Evented, {
topicId = parseInt(topicId, 10);
Discourse.ajax("/posts/by_number/" + topicId + "/" + postId).then(function (result) {
var parsed = $(result.cooked);
// slightly double escape the cooked html to prevent jQuery from unescaping it
var escaped = result.cooked.replace("&", "&");
var parsed = $(escaped);
parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>");
$blockQuote.showHtml(parsed);
});