Discource-C
/
discourse-math
mirror of https://github.com/discourse/discourse-math.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: do not allow tags in math wrapper

This commit is contained in:
Sam 2018-08-17 16:14:27 +10:00
parent 28162e9ded
commit fd5258cb3c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
assets/javascripts/initializers/discourse-math.js.es6
View File

@ -52,14 +52,14 @@ function decorate(elem, isPreview) {
`<${tag} style="display: none;"><script type="math/tex${display}"></script></${tag}>`
);
$math = $mathWrapper.children();
$math.html($elem.text());
$math.text($elem.text());
$elem.after($mathWrapper);
} else if ($elem.hasClass("asciimath")) {
$mathWrapper = $(
`<span style="display: none;"><script type="math/asciimath"></script></span>`
);
$math = $mathWrapper.children();
$math.html($elem.text());
$math.text($elem.text());
$elem.after($mathWrapper);
}