github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-16 05:53:47 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: santize tags when creating new topic via URL

Browse Source
This commit is contained in:
Arpit Jalan 2018-04-16 01:07:47 +05:30
parent 27972c1202
commit 3edd6622df
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/assets/javascripts/discourse/controllers/composer.js.es6
View File

@ -696,7 +696,12 @@ export default Ember.Controller.extend({
}
if (opts.topicTags && !this.site.mobileView && this.site.get('can_tag_topics')) {
this.set('model.tags', opts.topicTags.split(","));
const self = this;
let tags = escapeExpression(opts.topicTags).split(",").slice(0, self.siteSettings.max_tags_per_topic);
tags.forEach(function(tag, index, array) {
array[index] = tag.substring(0, self.siteSettings.max_tag_length);
});
self.set('model.tags', tags);
}
if (opts.topicBody) {