github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-29 01:31:35 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: don't escape html of poll options

Browse Source
This commit is contained in:
Sam
2017-07-25 13:38:04 -04:00
parent f2e592c1ab
commit 8317fb12e0
2 changed files with 97 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/poll/plugin.rb
View File

@ -157,14 +157,14 @@ after_initialize do
# extract attributes
p.attributes.values.each do |attribute|
if attribute.name.start_with?(DATA_PREFIX)
poll[attribute.name[DATA_PREFIX.length..-1]] = CGI::escapeHTML(attribute.value || "")
poll[attribute.name[DATA_PREFIX.length..-1]] = CGI.escapeHTML(attribute.value || "")
end
end
# extract options
p.css("li[#{DATA_PREFIX}option-id]").each do |o|
option_id = CGI::escapeHTML(o.attributes[DATA_PREFIX + "option-id"].value || "")
poll["options"] << { "id" => option_id, "html" => CGI::escapeHTML(o.inner_html), "votes" => 0 }
option_id = o.attributes[DATA_PREFIX + "option-id"].value || ""
poll["options"] << { "id" => option_id, "html" => o.inner_html, "votes" => 0 }
end
# add the poll