github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 03:36:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Prefer Loofah for processing cooked HTML

Browse Source
This commit is contained in:
Bianca Nenciu
2021-02-24 17:14:43 +02:00
committed by Bianca Nenciu
parent daf34ae7e2
commit 0c8d658ba8
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/cooked_post_processor.rb
View File

@ -22,7 +22,7 @@ class CookedPostProcessor
@cooking_options = @cooking_options.symbolize_keys
cooked = post.cook(post.raw, @cooking_options)
@doc = Nokogiri::HTML5::fragment(cooked)
@doc = Loofah.fragment(cooked)
@has_oneboxes = post.post_analyzer.found_oneboxes?
@size_cache = {}