From 790acfd99f49bf7237c2e4823f308bc37ee18ade Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Thu, 4 May 2017 10:33:59 +0800
Subject: [PATCH] SECURITY: XSS issue in share popup if invalid link is passed in.
---
 app/assets/javascripts/discourse/components/share-popup.js.es6 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/discourse/components/share-popup.js.es6 b/app/assets/javascripts/discourse/components/share-popup.js.es6
index 4a502736319..a2857927175 100644
--- a/app/assets/javascripts/discourse/components/share-popup.js.es6
+++ b/app/assets/javascripts/discourse/components/share-popup.js.es6
@@ -39,7 +39,7 @@ export default Ember.Component.extend({
 } else {
 const $linkForTouch = $('#share-link .share-for-touch a');
 $linkForTouch.attr('href', link);
- $linkForTouch.html(link);
+ $linkForTouch.text(link);
 const range = window.document.createRange();
 range.selectNode($linkForTouch[0]);
 window.getSelection().addRange(range);
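Review bot: The `href` assignment just above the fixed line, `$linkForTouch.attr('href', link);`, still receives the same unvalidated `link` that made `.html(link)` unsafe, so a value with a `javascript:` scheme would no longer be parsed as markup but could still run when the anchor is followed. Whether `link` is checked earlier is not visible here, because the enclosing function starts and ends outside the hunk. If it is not, add a scheme check before touching the anchor, for example `if (!/^https?:\/\//i.test(link)) { return; }`, adapted if relative share links are legitimate. A short comment on the changed line, `// text(), not html(): link may contain user-controlled markup`, would help keep a later refactor from reverting the fix.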