SECURITY: Backported XSS fixes from Handlebars

2025-05-24 14:12:10 +08:00 · 2015-11-24 16:07:47 -05:00
parent f4d44187c8
commit 434deb1bd3
22 changed files with 70 additions and 30 deletions
--- a/app/assets/javascripts/admin/components/ace-editor.js.es6
+++ b/app/assets/javascripts/admin/components/ace-editor.js.es6
@ -16,7 +16,7 @@ export default Ember.Component.extend({
  render(buffer) {
    buffer.push("<div class='ace'>");
    if (this.get('content')) {
-      buffer.push(Handlebars.Utils.escapeExpression(this.get('content')));
+      buffer.push(Discourse.Utilities.escapeExpression(this.get('content')));
    }
    buffer.push("</div>");
  },