Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1745 from ok-harry/master 

FIX: Title text should be correctly escaped since we are generating a raw html
This commit is contained in:
Régis Hanol 2013-12-23 05:48:42 -08:00
parent 34cbea64d1 dfc95d0f6f
commit 30565dcd8f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/discourse/helpers/application_helpers.js
View File

@ -289,7 +289,7 @@ Handlebars.registerHelper('number', function(property, options) {
var result = "<span class='" + classNames + "'";
if (n !== title) {
result += " title='" + title + "'";
result += " title='" + Handlebars.Utils.escapeExpression(title) + "'";
}
result += ">" + n + "</span>";