SECURITY: Escape strings in logs

Sam Saffron 2014-09-16 07:53:17 +10:00
parent 8ba8846589
commit bb64c2236b


@ -22,14 +22,14 @@ Discourse.StaffActionLog = Discourse.Model.extend({
formatted += this.format('admin.logs.staff_actions.previous_value', 'previous_value');
}
if (!this.get('useModalForDetails')) {
if (this.get('details')) formatted += this.get('details') + '<br/>';
if (this.get('details')) formatted += Handlebars.Utils.escapeExpression(this.get('details')) + '<br/>';
}
return formatted;
}.property('ip_address', 'email'),
format: function(label, propertyName) {
if (this.get(propertyName)) {
return ('<b>' + I18n.t(label) + ':</b> ' + this.get(propertyName) + '<br/>');
return ('<b>' + I18n.t(label) + ':</b> ' + Handlebars.Utils.escapeExpression(this.get(propertyName)) + '<br/>');
} else {
return '';
}
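Review bot: The label from `I18n.t(label)` in `format` is still concatenated into the markup unescaped, and the `details` line does its own escaping instead of going through `format`, so the safety of the returned HTML depends on every concatenation remembering to escape. I would document the contract on `format` with a comment such as `// Returns an HTML fragment: the property value is escaped, the label is assumed to be trusted translation text`, and state the same on `formattedDetails`. If translation strings can ever be edited by site staff or overridden per site (not visible here), the label should also go through `Handlebars.Utils.escapeExpression`. `formattedDetails` starts above this hunk and `format` closes below it, so the concatenations in the part not shown should be checked the same way.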