Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: XSS in search results term 

Thanks to Jerbi Nessim
This commit is contained in:
Sam 2015-10-07 10:52:24 +11:00
parent 81a48af1a3
commit 845c33e4b1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/discourse/controllers/full-page-search.js.es6
View File

@ -75,7 +75,7 @@ export default Ember.Controller.extend({
}
});
}
return q;
return Handlebars.Utils.escapeExpression(q);
},
_searchOnSortChange: true,