mirror of
https://github.com/discourse/discourse.git
synced 2024-11-28 02:03:45 +08:00
FIX: Title text should be correctly escaped since we are generating a raw html.
This commit is contained in:
parent
39a360f6e3
commit
dfc95d0f6f
|
@ -289,7 +289,7 @@ Handlebars.registerHelper('number', function(property, options) {
|
||||||
var result = "<span class='" + classNames + "'";
|
var result = "<span class='" + classNames + "'";
|
||||||
|
|
||||||
if (n !== title) {
|
if (n !== title) {
|
||||||
result += " title='" + title + "'";
|
result += " title='" + Handlebars.Utils.escapeExpression(title) + "'";
|
||||||
}
|
}
|
||||||
result += ">" + n + "</span>";
|
result += ">" + n + "</span>";
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user