FIX: discobot certificate description wasn't escaped

Régis Hanol 2018-03-27 17:57:53 +02:00 committed by GitHub
parent 62edf3c401
commit 0187423c68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -119,10 +119,12 @@ module DiscourseNarrativeBot
date: Time.zone.now.strftime('%b %d %Y'),
format: :svg
}
options.merge!(type: type) if type
src = Discourse.base_url + DiscourseNarrativeBot::Engine.routes.url_helpers.certificate_path(options)
"<img class='discobot-certificate' src='#{src}' width='650' height='464' alt='#{I18n.t("#{self.class::I18N_KEY}.certificate.alt")}'>"
alt = CGI.escapeHTML(I18n.t("#{self.class::I18N_KEY}.certificate.alt"))
"<img class='discobot-certificate' src='#{src}' width='650' height='464' alt='#{alt}'>"
end
protected
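Review bot: `src` is still interpolated into the single-quoted `src='...'` attribute without HTML escaping; the new lines apply `CGI.escapeHTML` only to the `alt` text. The route helper presumably percent-encodes the query values in `options`, so this is likely not exploitable, but `Discourse.base_url` and the `&` separators of the query string still reach the markup verbatim. Escaping at the point of output would put both attributes under the same rule: `"<img class='discobot-certificate' src='#{CGI.escapeHTML(src)}' width='650' height='464' alt='#{alt}'>"`. A spec that stubs the translation with a value containing `'` and `<` would keep the fix from regressing. The method starts above the hunk, so the other keys of `options` are not visible here.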