github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 04:31:56 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: sanitize topic title when staff is viewing a user's past flagged posts and deleted topics

Browse Source
This commit is contained in:
Neil Lalonde 2018-03-02 11:58:03 -05:00
parent 6a78669ca3
commit 5833d00739
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/assets/javascripts/discourse/routes/build-admin-user-posts-route.js.es6
View File

@ -1,3 +1,5 @@
import { emojiUnescape } from 'discourse/lib/text';
export default function (filter) {
return Discourse.Route.extend({
actions: {
@ -20,6 +22,12 @@ export default function (filter) {
// initialize "canLoadMore"
model.set("canLoadMore", model.get("itemsLoaded") === 60);
model.get('content').forEach((item) => {
if (item.get('title')) {
item.set('title', emojiUnescape(Handlebars.Utils.escapeExpression(item.title)));
}
});
this.controllerFor("user-posts").set("model", model);
},