github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 03:51:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: 2 XSSs in post gutter and local oneboxes

Browse Source
This commit is contained in:
Régis Hanol
2016-05-14 00:08:19 +02:00
parent fe5b0cf36f
commit 5a75972b0b
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/onebox/engine/discourse_local_onebox.rb
View File

@ -96,7 +96,7 @@ module Onebox
quote = post.excerpt(SiteSetting.post_onebox_maxlength)
args = { original_url: url,
title: PrettyText.unescape_emoji(topic.title),
title: PrettyText.unescape_emoji(CGI::escapeHTML(topic.title)),
avatar: PrettyText.avatar_img(topic.user.avatar_template, 'tiny'),
posts_count: topic.posts_count,
last_post: FreedomPatches::Rails4.time_ago_in_words(topic.last_posted_at, false, scope: :'datetime.distance_in_words_verbose'),