FIX: Escape contents when using the quote tool.

Robin Ward
2013-08-29 14:15:05 -04:00
parent 45b9f8048a
commit 1204eb62c3
2 changed files with 7 additions and 1 deletions
@@ -23,6 +23,10 @@ Discourse.Quote = {
sansQuotes = contents.replace(this.REGEXP, '').trim();
if (sansQuotes.length === 0) return "";
// Escape the content of the quote
sansQuotes = sansQuotes.replace(/</g, "&lt;")
.replace(/>/g, "&gt;");
result = "[quote=\"" + post.get('username') + ", post:" + post.get('post_number') + ", topic:" + post.get('topic_id');
/* Strip the HTML from cooked */
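Review bot: The escaping added at `sansQuotes = sansQuotes.replace(/</g, "&lt;")` covers only `<` and `>`, so an `&` in the quoted text passes through unchanged and content that already holds a literal `&lt;` can no longer be told apart from an escaped `<`. Escaping the ampersand first keeps the transformation unambiguous: `sansQuotes = sansQuotes.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");`. Whether the gap affects safety depends on how the later cooking and sanitizing step treats entities, which is not visible in this hunk. On the following line `post.get('username')` is concatenated into the `[quote="…"]` attribute without escaping, so it is worth confirming that usernames are restricted elsewhere to characters that cannot close the attribute. The enclosing function starts and ends outside the hunk.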