github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 14:12:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: prevents XSS in local-dates

Browse Source
This commit is contained in:
Joffrey JAFFEUX
2018-08-27 11:19:30 +02:00
committed by GitHub
parent cf3b7ccae2
commit 89e7d95cc7
2 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/discourse-local-dates/assets/javascripts/discourse-local-dates.js
View File

@ -46,10 +46,7 @@
var html = "<span>";
html += "<i class='fa fa-globe d-icon d-icon-globe'></i>";
html += relativeTime.replace(
"TZ",
_formatTimezone(moment.tz.guess()).join(": ")
);
html += "<span class='relative-time'></span>";
html += "</span>";
var joinedPreviews = previews.join(" – ");
@ -58,7 +55,14 @@
.html(html)
.attr("title", joinedPreviews)
.attr("data-tooltip", joinedPreviews)
.addClass("cooked");
.addClass("cooked")
.find(".relative-time")
.text(
relativeTime.replace(
"TZ",
_formatTimezone(moment.tz.guess()).join(": ")
)
);
if (repeat) {
this.timeout = setTimeout(function() {