IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: fix XSS

Browse Source
This commit is contained in:
Sam Saffron
2014-06-16 10:24:54 +10:00
parent 258c353307
commit d65efe7304
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/discourse_diff.rb
View File

@@ -261,6 +261,7 @@ class DiscourseDiff
end
def characters(string)
string = CGI::escapeHTML(string)
@tokens.concat string.scan(/(\W|\w+[ \t]*)/).flatten
end