IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 02:40:53 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: fix possible XSS with badges (#6912)

Browse Source
This commit is contained in:
Joffrey JAFFEUX 2019-01-21 13:08:26 +01:00 committed by GitHub
parent 6f0bc16baf
commit 52f2e0d6b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/admin/templates/user-badges.hbs
View File

@ -16,7 +16,7 @@
<form class="form-horizontal">
<div>
<label>{{i18n 'admin.badges.badge'}}</label>
{{combo-box filterable=true value=selectedBadgeId content=grantableBadges}}
{{combo-box forceEscape=true filterable=true value=selectedBadgeId content=grantableBadges}}
</div>
<div>
<label>{{i18n 'admin.badges.reason'}}</label>