
fix xss on discard route, fix data-uuid

barisusakli committed Jun 27, 2018
1 parent b16c23f commit 6fb80e437b77ff17a719fd24d6c723f143dd4ccd
Showing with 5 additions and 3 deletions.
  1. +2 −1 library.js
  2. +2 −1 package.json
  3. +1 −1 static/lib/composer.js
@@ -14,6 +14,7 @@ var socketMethods = require('./websockets');
var async = module.parent.require('async');
var nconf = module.parent.require('nconf');
var validator = require('validator');
var plugin = module.exports;
@@ -173,7 +174,7 @@ plugin.build = function(data, callback) {
}
if (req.query.cid) {
discardRoute = nconf.get('relative_path') + '/category/' + req.query.cid;
discardRoute = nconf.get('relative_path') + '/category/' + validator.escape(String(req.query.cid));
} else if ((req.query.tid || req.query.pid)) {
if (data.topicData) {
discardRoute = nconf.get('relative_path') + '/topic/' + data.topicData.slug;
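Review bot: In the `req.query.cid` branch, `validator.escape(String(req.query.cid))` HTML-encodes the query value but does not constrain it to a category id, so `discardRoute` is only safe where it is rendered as HTML text or a quoted attribute. A template that escapes again would double-encode it, and a script or URL context would need different encoding. If category ids are always integers in this project (not visible on this page), validating is tighter than encoding: `var cid = parseInt(req.query.cid, 10);` and build the `/category/` route only when `cid > 0`, otherwise fall through to the default route. The `/topic/` branch concatenates `data.topicData.slug` unencoded; it appears to come from stored data rather than the request, but it is worth confirming it is encoded at output as well. `plugin.build` starts and ends outside the hunk, so where `discardRoute` is finally rendered cannot be checked from here.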
@@ -26,6 +26,7 @@
"compatibility": "^1.7.4"
},
"dependencies": {
"screenfull": "3.0.0"
"screenfull": "3.0.0",
"validator": "10.4.0"
}
}
@@ -276,7 +276,7 @@ define('composer', [
if (!post_uuid && !postData) {
post_uuid = utils.generateUUID();
composer.posts[post_uuid] = postData = ajaxify.data;
postContainer.attr('id', 'cmp-uuid-' + post_uuid);
postContainer.attr('data-uuid', post_uuid);
}
var bodyEl = postContainer.find('textarea');
