FIX: escape input of forgot password form before rendering it back to you

This commit is contained in:
Neil Lalonde 2014-07-15 17:19:28 -04:00
parent 7dade2cd99
commit 82bdef2047


@ -24,10 +24,11 @@ export default Discourse.Controller.extend(Discourse.ModalFunctionality, {
});
// don't tell people what happened, this keeps it more secure (ensure same on server)
var escaped = Handlebars.Utils.escapeExpression(this.get('accountEmailOrUsername'));
if (this.get('accountEmailOrUsername').match(/@/)) {
this.flash(I18n.t('forgot_password.complete_email', {email: this.get('accountEmailOrUsername')}));
this.flash(I18n.t('forgot_password.complete_email', {email: escaped}));
} else {
this.flash(I18n.t('forgot_password.complete_username', {username: this.get('accountEmailOrUsername')}));
this.flash(I18n.t('forgot_password.complete_username', {username: escaped}));
}
return false;
}
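Review bot: The escaping is done at this one call site, so the next caller of `this.flash(...)` that interpolates user input will be just as exposed as this one was; if `flash` inserts its message as HTML (I cannot see its implementation from here), the escape belongs inside `flash` or in the template that renders it, and this call would then pass the raw value. As written, the raw field is still read a second time for the `/@/` test on the line after `var escaped`, so it is worth reading it once, e.g. `var value = this.get('accountEmailOrUsername');` followed by `var escaped = Handlebars.Utils.escapeExpression(value);` and `if (value.match(/@/)) {`. Note that `escapeExpression` tolerates a null value but `.match` does not, so an empty field throws here unless a line above the hunk already rejects it. The enclosing action starts outside the hunk.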