SECURITY: XSS Protection on Queued Posts
parent
a324c71869
commit
e9f80464b4
@ -1,6 +1,6 @@
|
|||||||
import registerUnbound from 'discourse/helpers/register-unbound';
|
import registerUnbound from 'discourse/helpers/register-unbound';
|
||||||
|
|
||||||
registerUnbound('cook-text', function(text) {
|
registerUnbound('cook-text', function(text) {
|
||||||
return new Handlebars.SafeString(Discourse.Markdown.cook(text));
|
return new Handlebars.SafeString(Discourse.Markdown.cook(text, {sanitize: true}));
|
||||||
});
|
});
|
||||||
|
|
||||||
|
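Review bot: `Handlebars.SafeString` tells the template not to escape this output, so on the new line `{sanitize: true}` is the only barrier between queued-post text and the DOM, and nothing in the helper says so. I would add a comment above the return, for example `// SafeString bypasses escaping: the cooked output must be sanitized, and the calling route must have loaded the html-sanitizer bundle`. The helper is registered under the general name `cook-text`, so any other template that uses it presumably needs the same bundle loaded. What `cook` does with `sanitize: true` when the sanitizer is absent is not visible in this commit and is worth confirming.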
@ -1,6 +1,13 @@
|
|||||||
|
import loadScript from 'discourse/lib/load-script';
|
||||||
import DiscourseRoute from 'discourse/routes/discourse';
|
import DiscourseRoute from 'discourse/routes/discourse';
|
||||||
|
|
||||||
export default DiscourseRoute.extend({
|
export default DiscourseRoute.extend({
|
||||||
|
|
||||||
|
// this route requires the sanitizer
|
||||||
|
beforeModel() {
|
||||||
|
loadScript('defer/html-sanitizer-bundle');
|
||||||
|
},
|
||||||
|
|
||||||
model() {
|
model() {
|
||||||
return this.store.find('queuedPost', {status: 'new'});
|
return this.store.find('queuedPost', {status: 'new'});
|
||||||
},
|
},
|
||||||
|
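Review bot: `beforeModel()` calls `loadScript('defer/html-sanitizer-bundle')` but does not return its result, so the transition does not wait for the sanitizer before the model resolves and the template renders. If `loadScript` returns a promise, as its use here suggests, the line should be `return loadScript('defer/html-sanitizer-bundle');` so that Ember holds the route until the bundle has loaded. Without that, `cook-text` can run with `sanitize: true` before the sanitizer exists, and whether that path fails closed is not shown in this commit. The route object continues past the end of the hunk.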