From b5b847f6d65bafe51f492d626cd2979c4088536e Mon Sep 17 00:00:00 2001
From: Joffrey JAFFEUX
Date: Wed, 27 Jun 2018 14:35:47 +0200
Subject: [PATCH] SECURITY: prevents XSS when showing tooltip

---
 app/assets/javascripts/discourse/lib/tooltip.js.es6 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/discourse/lib/tooltip.js.es6 b/app/assets/javascripts/discourse/lib/tooltip.js.es6
index ef0e77bc091..1beabf6f86b 100644
--- a/app/assets/javascripts/discourse/lib/tooltip.js.es6
+++ b/app/assets/javascripts/discourse/lib/tooltip.js.es6
@@ -1,9 +1,11 @@
+import { escapeExpression } from "discourse/lib/utilities";
+
 export function showTooltip() {
   const fadeSpeed = 300;
   const tooltipID = "#discourse-tooltip";
   const $this = $(this);
   const $parent = $this.offsetParent();
-  const content = $this.attr("data-tooltip");
+  const content = escapeExpression($this.attr("data-tooltip"));
   const retina = window.devicePixelRatio && window.devicePixelRatio > 1 ? "class='retina'"