codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-27 17:46:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: prevent iframe in expended quote

Browse source
This commit is contained in:
Régis Hanol 2014-10-28 22:58:22 +01:00
parent e7b39be194
commit 9b29a23ece
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/assets/javascripts/discourse/views/post_view.js
View file

@ -131,7 +131,9 @@ Discourse.PostView = Discourse.GroupedView.extend(Ember.Evented, {
topicId = parseInt(topicId, 10); topicId = parseInt(topicId, 10);
Discourse.ajax("/posts/by_number/" + topicId + "/" + postId).then(function (result) { Discourse.ajax("/posts/by_number/" + topicId + "/" + postId).then(function (result) {
var parsed = $(result.cooked); // slightly double escape the cooked html to prevent jQuery from unescaping it
var escaped = result.cooked.replace("&", "&");
var parsed = $(escaped);
parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>"); parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>");
$blockQuote.showHtml(parsed, 'fast', finished); $blockQuote.showHtml(parsed, 'fast', finished);
}); });