SECURITY: Backported XSS fixes from Handlebars

Robin Ward
2015-11-24 16:07:47 -05:00
parent f4d44187c8
commit 434deb1bd3
22 changed files with 70 additions and 30 deletions


@ -22,7 +22,7 @@ export default Ember.Controller.extend({
returned = "<pre class='badge-query-plan'>";
_.each(raw, function(linehash) {
returned += Handlebars.Utils.escapeExpression(linehash["QUERY PLAN"]);
returned += Discourse.Utilities.escapeExpression(linehash["QUERY PLAN"]);
returned += "<br>";
});
@ -32,7 +32,7 @@ export default Ember.Controller.extend({
processed_sample: Ember.computed.map('model.sample', function(grant) {
var i18nKey = 'admin.badges.preview.grant.with',
i18nParams = { username: Handlebars.Utils.escapeExpression(grant.username) };
i18nParams = { username: Discourse.Utilities.escapeExpression(grant.username) };
if (grant.post_id) {
i18nKey += "_post";
@ -41,7 +41,7 @@ export default Ember.Controller.extend({
if (grant.granted_at) {
i18nKey += "_time";
i18nParams.time = Handlebars.Utils.escapeExpression(moment(grant.granted_at).format(I18n.t('dates.long_with_year')));
i18nParams.time = Discourse.Utilities.escapeExpression(moment(grant.granted_at).format(I18n.t('dates.long_with_year')));
}
return I18n.t(i18nKey, i18nParams);
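Review bot: All three call sites in this file now assume `Discourse.Utilities.escapeExpression` is a drop-in replacement for `Handlebars.Utils.escapeExpression`, and the helper's definition is not part of this section. Handlebars' version returns an empty string for `null`/`undefined` and passes `SafeString` values through unescaped. If the backported helper does not do the same, `returned += Discourse.Utilities.escapeExpression(linehash["QUERY PLAN"])` in the first hunk could append the text `undefined` or throw on a row without that key, so a unit test on the helper covering those inputs and the quote characters would pin this down. A short comment at the first call site, such as `// Use Discourse.Utilities.escapeExpression: it carries the backported Handlebars XSS fixes`, would help keep the old call from being reintroduced. The enclosing controller body starts and ends outside the visible hunks.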