github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-26 04:27:05 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Don't allow formatting in titles when quoting other topics

Browse Source
This commit is contained in:
Robin Ward
2017-01-09 14:52:45 -05:00
parent d9146de080
commit 3b74c0e3b8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/pretty_text/helpers.rb
View File

@ -50,7 +50,7 @@ module PrettyText
topic = Topic.find_by(id: topic_id) topic = Topic.find_by(id: topic_id)
if topic && Guardian.new.can_see?(topic) if topic && Guardian.new.can_see?(topic)
{ {
title: topic.title, title: Rack::Utils.escape_html(topic.title),
href: topic.url href: topic.url
} }
end end