LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix to sanitize disqus shortnames to remove slashes [Security Issue]

Browse Source 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
Max Wu 2018-12-28 16:39:13 +08:00 committed by GitHub
parent f9cc2ff0ef
commit b89a35196a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/views/shared/disqus.ejs
View File

@ -5,7 +5,7 @@ var disqus_config = function () {
}; };
(function() { (function() {
var d = document, s = d.createElement('script'); var d = document, s = d.createElement('script');
s.src = 'https://<%= disqus %>.disqus.com/embed.js'; s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date()); s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s); (d.head || d.body).appendChild(s);
})(); })();