SECURITY: Onebox templates' HTML injections.

The use of triple-curlies on Mustache templates opens the possibility for HTML injections.
2025-06-05 09:44:40 +08:00 · 2023-10-23 14:19:21 -03:00
parent 5f20748e40
commit d78357917c
4 changed files with 103 additions and 6 deletions
--- a/lib/onebox/templates/discourse_category_onebox.mustache
+++ b/lib/onebox/templates/discourse_category_onebox.mustache
@ -6,15 +6,15 @@
    <h3>
      <a class="badge-wrapper bullet" href="{{url}}">
        {{#color}}
-          <span class="badge-category-bg" style="background-color: #{{{color}}}"></span>
+          <span class="badge-category-bg" style="background-color: #{{color}}"></span>
        {{/color}}
-        <span class="clear-badge"><span>{{{name}}}</span></span>
+        <span class="clear-badge"><span>{{name}}</span></span>
      </a>
    </h3>
    {{#description}}
      <div>
        <span class="description">
-          <p>{{{description}}}</p>
+          <p>{{description}}</p>
        </span>
      </div>
    {{/description}}
@ -23,8 +23,8 @@
        {{#subcategories}}
          <span class="subcategory">
            <a class="badge-wrapper bullet" href="{{url}}">
-              <span class="badge-category-bg" style="background-color: #{{{color}}}"></span>
-              <span class="badge-category clear-badge"><span class="category-name">{{{name}}}</span></span>
+              <span class="badge-category-bg" style="background-color: #{{color}}"></span>
+              <span class="badge-category clear-badge"><span class="category-name">{{name}}</span></span>
            </a>
          </span>
        {{/subcategories}}