github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Cross-Site Scripting in Category and Group Settings

Browse Source
This commit is contained in:
Robin Ward
2016-07-28 11:57:30 -04:00
parent 77847f0d46
commit cf5b756b1a
6 changed files with 69 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
test/javascripts/helpers/create-pretender.js.es6
View File

@ -109,7 +109,13 @@ export default function() {
});
this.put('/categories/:category_id', request => {
const category = parsePostData(request.requestBody);
if (category.email_in === "duplicate@example.com") {
return response(422, {"errors": ['duplicate email']});
}
return response({category});
});