SECURITY: Backported XSS fixes from Handlebars
parent
f4d44187c8
commit
434deb1bd3
22 changed files with 70 additions and 30 deletions
13
vendor/assets/javascripts/handlebars.js
vendored
13
vendor/assets/javascripts/handlebars.js
vendored
|
@ -64,11 +64,16 @@ var __module3__ = (function(__dependency1__) {
|
|||
">": ">",
|
||||
'"': """,
|
||||
"'": "'",
|
||||
"`": "`"
|
||||
'`': '`',
|
||||
'\n' : '\\n', // NewLine
|
||||
'\r' : '\\n', // Return
|
||||
'\b' : '\\b', // Backspace
|
||||
'\f' : '\\f', // Form fee
|
||||
'\t' : '\\t', // Tab
|
||||
'\v' : '\\v' // Vertical Tab
|
||||
};
|
||||
|
||||
var badChars = /[&<>"'`]/g;
|
||||
var possible = /[&<>"'`]/;
|
||||
var badChars = /[&<>"'`\b\f\n\r\t\v]/g;
|
||||
var possible = /[&<>"'`\b\f\n\r\t\v]/;
|
||||
|
||||
function escapeChar(chr) {
|
||||
return escape[chr];
|
||||
|
|
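Review bot: The added table entry `'\r' : '\\n', // Return` maps a carriage return to the text `\n`, while every other control character added here maps to its own escape; unless that normalisation is deliberate it should read `'\r' : '\\r', // Return`. These entries also put backslash escapes into the table whose existing entries cover HTML characters, so text containing a newline or tab would presumably come out with a literal `\n` or `\t`. A comment above them should name the output context they protect. Because the file is marked as vendored, the change should also carry a marker such as `// LOCAL PATCH: control-character escaping, not in upstream Handlebars — re-apply on vendor update` if it does diverge from upstream, so a later vendor refresh does not silently drop the fix. The comment `// Form fee` should read `// Form feed`, and the body of `escapeChar` continues outside the visible hunk.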