compose: Generate properly escaped HTML.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg 2021-02-03 14:48:26 -08:00 committed by Tim Abbott
parent 154fc03fa5
commit f8d11c6479
1 changed files with 2 additions and 1 deletions


@ -1,6 +1,7 @@
"use strict";
const Handlebars = require("handlebars/runtime");
const _ = require("lodash");
const render_compose_all_everyone = require("../templates/compose_all_everyone.hbs");
const render_compose_announce = require("../templates/compose_announce.hbs");
@ -901,7 +902,7 @@ exports.render_and_show_preview = function (preview_spinner, preview_content_box
// Handle previews of /me messages
rendered_preview_html =
"<p><strong>" +
page_params.full_name +
_.escape(page_params.full_name) +
"</strong>" +
rendered_content.slice("<p>/me".length);
} else {
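Review bot: In the `/me` branch the preview HTML is still built by string concatenation, and `rendered_content.slice("<p>/me".length)` is appended without escaping, so the result is only safe if `rendered_content` is already-sanitized rendered HTML; nothing in this hunk shows where it comes from. A comment above the assignment would record that assumption, for example `// rendered_content is trusted rendered HTML and is inserted as-is; full_name is user-controlled text and must be escaped.`, provided that is what the caller guarantees. Since this file already renders other fragments through `.hbs` templates, moving the `<p><strong>…</strong>` wrapper into a template would make escaping of the name the default rather than something each call site must remember. `render_and_show_preview` starts and ends outside the hunk, so the guard that makes the `"<p>/me"` prefix slice valid is not visible here.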