Context-sensitive XSS bugfix.

steinhause committed Oct 26, 2018
1 parent 557fe23 commit 306f940b26ccf3f406665f07bece1229a7a5dcfa
Showing with 1 addition and 1 deletion.
  1. +1 −1 app/helpers/tags_helper.rb
@@ -17,7 +17,7 @@ def tags_for_index(model)
elsif !query.include?(hashtag)
query += " #{hashtag}"
end
out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
end
end
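
Review bot: The new link_to_function line escapes query for the JavaScript string literal, but the commit changes only app/helpers/tags_helper.rb (1 addition, 1 deletion) and adds no regression test. Add a helper spec for tags_for_index using a tag that contains a single quote, a double quote and a backslash, and assert that the generated handler keeps the whole value inside the first quoted argument of crm.search_tagged. The handler string ends up in an HTML attribute, and escape_javascript does not encode for that context, so confirm that link_to_function HTML-escapes it on render; that is not visible in this hunk. The second argument, model.class.to_s.tableize, comes from the class name rather than from tag input, so leaving it unescaped looks acceptable.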
