Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-06 03:18:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Don't allow formatting in titles when quoting other topics

Browse Source
This commit is contained in:
Robin Ward 2017-01-09 14:52:45 -05:00
parent d9146de080
commit 3b74c0e3b8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/pretty_text/helpers.rb
View File

@ -50,7 +50,7 @@ module PrettyText
topic = Topic.find_by(id: topic_id)
if topic && Guardian.new.can_see?(topic)
{
title: topic.title,
title: Rack::Utils.escape_html(topic.title),
href: topic.url
}
end