mirror of https://github.com/zulip/zulip.git
CVE-2021-3853: Fix HTML escaping in recipient_row.
Commit 44f935695d
(#20462) incorrectly
added these extra braces while intending to add whitespace control.
This triple-brace syntax was asking Handlebars to skip escaping the
string.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
parent
3659d95092
commit
3eb2791c3e
|
@ -17,7 +17,7 @@
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
|
||||||
{{~! Recipient (e.g. stream/topic or topic) ~}}
|
{{~! Recipient (e.g. stream/topic or topic) ~}}
|
||||||
{{~{display_recipient}~}}
|
{{~display_recipient~}}
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
{{! hidden narrow icon for copy-pasting }}
|
{{! hidden narrow icon for copy-pasting }}
|
||||||
|
|
Loading…
Reference in New Issue