codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-30 19:08:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

SECURITY: fix XSS when expanding quotes

Browse source
This commit is contained in:
Sam 2014-05-21 15:03:31 +10:00
parent 0ea11fbb81
commit 1714bfe441
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/assets/javascripts/discourse/views/post_view.js
View file

@ -114,7 +114,13 @@ Discourse.PostView = Discourse.GroupedView.extend(Ember.Evented, {
if ($aside.data('topic')) { if ($aside.data('topic')) {
topic_id = $aside.data('topic'); topic_id = $aside.data('topic');
} }
Discourse.ajax("/posts/by_number/" + topic_id + "/" + $aside.data('post')).then(function (result) {
var post_id = $aside.data('post');
topic_id = parseInt(topic_id,10);
post_id = parseInt(post_id,10);
Discourse.ajax("/posts/by_number/" + topic_id + "/" + post_id).then(function (result) {
var parsed = $(result.cooked); var parsed = $(result.cooked);
parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>"); parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>");
$blockQuote.showHtml(parsed); $blockQuote.showHtml(parsed);