mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-06-04 16:54:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

Browse source
This commit is contained in:
Wu Cheng-Han 2016-11-26 22:55:31 +08:00
parent b43e63dd21
commit 9d4ede4cff
8 changed files with 15 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

2
public/views/disqus.ejs
View file

@ -5,7 +5,7 @@ var disqus_config = function () {
};
(function() {
var d = document, s = d.createElement('script');
s.src = '//<%- disqus %>.disqus.com/embed.js';
s.src = '//<%= disqus %>.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();