SECURITY: prefer render plain/html to render text where possible

Sam Saffron
2017-04-10 08:01:25 -04:00
parent e49f3a408e
commit 0013a23dc1
9 changed files with 17 additions and 17 deletions


@ -29,7 +29,7 @@ class ApplicationController < ActionController::Base
unless is_api? || is_user_api?
super
clear_current_user
render text: "[\"BAD CSRF\"]", status: 403
render plain: "[\"BAD CSRF\"]", status: 403
end
end
@ -159,7 +159,7 @@ class ApplicationController < ActionController::Base
render_json_error I18n.t(type), type: type, status: status_code
else
render text: build_not_found_page(status_code, include_ember ? 'application' : 'no_ember')
render html: build_not_found_page(status_code, include_ember ? 'application' : 'no_ember')
end
end
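Review bot: In the not-found branch, `render html:` HTML-escapes any string that is not marked `html_safe`, so the new line is only correct if `build_not_found_page` returns a SafeBuffer; that helper is not visible in this hunk, so this needs confirming. If it returns a plain String, the error page would reach the browser as escaped markup, and the fix belongs in the helper, not in an `.html_safe` call at the render site. I would add a comment above the call such as `# build_not_found_page returns rendered template output (html_safe); render html: escapes anything else`, and a request spec asserting the 404 body is served as `text/html` with unescaped markup. In the CSRF hunk the body `["BAD CSRF"]` is a JSON array now served as `text/plain`, which is worth a one-line comment if clients are expected to parse it. Both enclosing methods start outside the hunks shown.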