SECURITY: Escape email text for posts containing [details].
parent
56b76f31dc
commit
bccd090ced
|
@ -37,7 +37,7 @@ after_initialize do
|
||||||
link = fragment.document.create_element("a")
|
link = fragment.document.create_element("a")
|
||||||
link["href"] = post.url if post
|
link["href"] = post.url if post
|
||||||
link.content = I18n.t("details.excerpt_details")
|
link.content = I18n.t("details.excerpt_details")
|
||||||
el.replace text + " " + link.to_html
|
el.replace CGI.escapeHTML(text) + " " + link.to_html
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
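Review bot: The fixed line `el.replace CGI.escapeHTML(text) + " " + link.to_html` still assembles markup by string concatenation and passes it to `replace`, which parses a String argument as HTML, so the protection depends on every later edit remembering the escape. `text` is assigned above this hunk; if it is a node's decoded `.text`, that is the reason the escape is required, and a why-comment would record it: `# text is decoded node text; replace() parses a String as markup, so it must be escaped`. A sturdier form skips re-parsing by inserting nodes instead of a string, something like `el.add_previous_sibling(fragment.document.create_text_node(text + " "))` followed by `el.replace(link)`. No regression spec is visible in this section; one that feeds a summary containing markup characters and asserts they come out as text would keep the fix from regressing.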