search_suggestion: Add escaping for email addresses.

This is probably unnecessary, but makes me feel better about every
code path in this file doing proper escaping to avoid XSS issues.
Tim Abbott 2018-04-10 11:35:06 -07:00
parent 65b9d9e0f3
commit 0db715d222
1 changed files with 1 additions and 1 deletions


@ -166,7 +166,7 @@ function get_group_suggestions(all_persons, last, operators) {
negated: negated,
};
var name = highlight_person(last_part, person);
var description = prefix + ' ' + all_but_last_part + ',' + name;
var description = prefix + ' ' + Handlebars.Utils.escapeExpression(all_but_last_part) + ',' + name;
var terms = [term];
if (negated) {
terms = [{operator: 'is', operand: 'private'}, term];
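Review bot: On the new `description` line only `all_but_last_part` is escaped; `prefix` is still concatenated raw and `name` is assumed to be safe markup returned by `highlight_person`. Neither assumption can be checked from this hunk, because `get_group_suggestions` starts above it and `highlight_person` is defined elsewhere. Since the string mixes pre-built markup with escaped text, the contract should be recorded at the line, e.g. `// description is rendered as HTML: name is already-escaped markup from highlight_person; every other part must be escaped here.` If `prefix` can ever include user-influenced text rather than a fixed label, it should go through `Handlebars.Utils.escapeExpression` too. The escaped value should stay confined to `description`, because any search operand built from `all_but_last_part` needs the raw string.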