composebox_typeahed: Generate properly escaped HTML.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg 2021-02-03 14:20:26 -08:00 committed by Tim Abbott
parent dc0972b775
commit 154fc03fa5
1 changed files with 4 additions and 3 deletions


@ -2,6 +2,7 @@
const autosize = require("autosize"); const autosize = require("autosize");
const ConfirmDatePlugin = require("flatpickr/dist/plugins/confirmDate/confirmDate"); const ConfirmDatePlugin = require("flatpickr/dist/plugins/confirmDate/confirmDate");
const _ = require("lodash");
const moment = require("moment"); const moment = require("moment");
const pygments_data = require("../generated/pygments_data.json"); const pygments_data = require("../generated/pygments_data.json");
@ -978,7 +979,7 @@ exports.compose_trigger_selection = function (event) {
return false; return false;
}; };
function get_header_text() { function get_header_html() {
let tip_text = ""; let tip_text = "";
switch (this.completing) { switch (this.completing) {
case "stream": case "stream":
@ -998,7 +999,7 @@ function get_header_text() {
default: default:
return false; return false;
} }
return "<em>" + tip_text + "</em>"; return `<em>${_.escape(tip_text)}</em>`;
} }
exports.initialize_compose_typeahead = function (selector) { exports.initialize_compose_typeahead = function (selector) {
@ -1034,7 +1035,7 @@ exports.initialize_compose_typeahead = function (selector) {
completions, completions,
automated: exports.compose_automated_selection, automated: exports.compose_automated_selection,
trigger_selection: exports.compose_trigger_selection, trigger_selection: exports.compose_trigger_selection,
header: get_header_text, header: get_header_html,
}); });
}; };
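Review bot: `get_header_html` carries no comment stating its contract, which this change makes security-relevant: the rename suggests the typeahead inserts the returned value as markup, `tip_text` is escaped as plain text only at the final `return`, and the `default` branch returns `false` rather than a string. I would add above the function `// Returns trusted HTML for the typeahead header, or false for no header; tip_text is plain text and is escaped here.` so that a later branch does not return its own unescaped string. The `switch` cases that assign `tip_text` lie outside the visible hunks, so it is worth confirming that none of them builds intentional markup, which `_.escape` would now render literally.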