mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 20:24:05 -06:00
SECURITY: fix XSS when expanding quotes
This commit is contained in:
parent
0ea11fbb81
commit
1714bfe441
@ -114,7 +114,13 @@ Discourse.PostView = Discourse.GroupedView.extend(Ember.Evented, {
|
||||
if ($aside.data('topic')) {
|
||||
topic_id = $aside.data('topic');
|
||||
}
|
||||
Discourse.ajax("/posts/by_number/" + topic_id + "/" + $aside.data('post')).then(function (result) {
|
||||
|
||||
var post_id = $aside.data('post');
|
||||
|
||||
topic_id = parseInt(topic_id,10);
|
||||
post_id = parseInt(post_id,10);
|
||||
|
||||
Discourse.ajax("/posts/by_number/" + topic_id + "/" + post_id).then(function (result) {
|
||||
var parsed = $(result.cooked);
|
||||
parsed.replaceText(originalText, "<span class='highlighted'>" + originalText + "</span>");
|
||||
$blockQuote.showHtml(parsed);
|
||||
|
Loading…
Reference in New Issue
Block a user