From 58edd203a9da7c8bf16ee697ff754786229c6c57 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Thu, 4 May 2017 10:33:59 +0800
Subject: [PATCH] SECURITY: XSS issue in share popup if invalid link is passed in.
---
app/assets/javascripts/discourse/components/share-popup.js.es6 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/discourse/components/share-popup.js.es6 b/app/assets/javascripts/discourse/components/share-popup.js.es6
index 687a3df1622..24f64262c36 100644
--- a/app/assets/javascripts/discourse/components/share-popup.js.es6
+++ b/app/assets/javascripts/discourse/components/share-popup.js.es6
@@ -39,7 +39,7 @@ export default Ember.Component.extend({
 } else {
 const $linkForTouch = $('#share-link .share-for-touch a');
 $linkForTouch.attr('href', link);
- $linkForTouch.html(link);
+ $linkForTouch.text(link);
 const range = window.document.createRange();
 range.selectNode($linkForTouch[0]);
 window.getSelection().addRange(range);
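Review bot: The `href` assignment on the context line just above the change, `$linkForTouch.attr('href', link);`, still takes the same unvalidated `link` that the subject line calls "invalid". Switching `.html(link)` to `.text(link)` stops markup injection into the anchor's content, but it does not constrain the URL scheme of the anchor's target. If callers can pass a non-http(s) value here (not visible in this hunk, so this needs confirming), a guard before the `attr` call would close that gap, for example `if (!/^(https?:\/\/|\/)/i.test(link)) { return; }`, with the accepted shapes adjusted to what share links actually look like. The enclosing function starts and ends outside the hunk, so an earlier check on `link` may already exist there. A short comment on the `.text(link)` line, such as `// text(), not html(): link is untrusted`, would help keep a later refactor from reverting it.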