github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Escape Font Awesome icons (#12421)

Browse Source 
This is not a security issue because regular users are not allowed to insert FA icons anywhere in the app. Admins can insert icons via custom badges, but they do have the ability to create themes with JS.
This commit is contained in:
Osama Sayegh
2021-03-17 16:11:40 +03:00
committed by GitHub
parent a23d0f9961
commit d56b2e85aa
5 changed files with 60 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/pretty_text.rb
View File

@ -91,6 +91,7 @@ module PrettyText
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/get-url")
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/object")
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/deprecated")
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/escape")
apply_es6_file(ctx, root_path, "discourse/app/lib/to-markdown")
apply_es6_file(ctx, root_path, "discourse/app/lib/utilities")