Commit

Fixed an XSS vulnerability
brandonkelly committed Jun 17, 2019
1 parent 4a8b4fa commit 6432eca
Showing 4 changed files with 10 additions and 3 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG-v3.md
Expand Up @@ -17,6 +17,9 @@
- Fixed a bug where `Craft::alias()` wasn’t working on Windows servers. ([#4405](https://github.com/craftcms/cms/issues/4405))
- Fixed a bug where Craft wasn't parsing the `dsn` DB connection setting properly if it was supplied.

### Security
- Fixed an XSS vulnerability.

## 3.1.30 - 2019-06-11

### Changed
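
Review bot: The new "### Security" entry, "Fixed an XSS vulnerability.", does not say which part of the control panel was affected, so someone reading the changelog cannot judge their exposure or how urgently to update. The only non-minified code change in this commit is in FeedWidget.js, so consider naming the Feed widget in the entry, the same way the neighboring bug-fix entries name the affected function or setting.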
6 changes: 5 additions & 1 deletion src/web/assets/feed/dist/FeedWidget.js
Expand Up @@ -27,7 +27,11 @@
var item = response.items[i],
$td = $($tds[i]);

var widgetHtml = '<a href="' + item.permalink + '" target="_blank">' + item.title + '</a> ';
var widgetHtml = $('<a/>', {
href: item.permalink,
target: '_blank',
text: item.title
}).html() + ' ';

if (item.date) {
widgetHtml += '<span class="light nowrap">' + item.date + '</span>';
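
Review bot: The replacement for the concatenated anchor ends in `.html()`, which in jQuery returns the element's inner HTML, so `widgetHtml` now holds only the escaped `item.title` text and the `<a>` wrapper with its `href` and `target` is dropped. That does stop markup in the title from being interpreted, but the item is no longer a link; to keep the anchor, serialize the element itself (for example `.prop('outerHTML')`, or append it to a temporary container and take that container's `.html()`). Once the anchor is actually emitted, `item.permalink` should be checked for an http or https scheme before it is used as `href`, and `target: '_blank'` should be paired with `rel: 'noopener noreferrer'`. The unchanged `item.date` concatenation just below still inserts a response value as raw HTML and deserves the same escaping.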
2 changes: 1 addition & 1 deletion src/web/assets/feed/dist/FeedWidget.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion src/web/assets/feed/dist/FeedWidget.min.js.map

