SECURITY: Escape email text for posts containing [details].

Bianca Nenciu 2019-06-26 16:27:56 +03:00
parent 56b76f31dc
commit bccd090ced
1 changed files with 1 additions and 1 deletions

@ -37,7 +37,7 @@ after_initialize do
link = fragment.document.create_element("a")
link["href"] = post.url if post
link.content = I18n.t("details.excerpt_details")
el.replace text + " " + link.to_html
el.replace CGI.escapeHTML(text) + " " + link.to_html
end
end
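
Review bot: no spec accompanies this security fix (one file changed, one line), so nothing guards the `el.replace CGI.escapeHTML(text) + " " + link.to_html` line against regressing. Please add a test that renders the email text for a post containing [details] whose text includes markup characters such as `<` and `&`, and asserts they come out escaped. Since `link` is already built with `fragment.document.create_element`, it would also be worth inserting `text` as a text node next to it instead of concatenating strings, because `el.replace` parses a string argument as markup and the string form stays safe only as long as every caller remembers to escape. A one-line comment on why `text` is escaped here would help the next reader.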