Fix discussion XSS issue

edx · Aug 4, 2021 · f1e2d96 · f1e2d96
1 parent 20447e5
commit f1e2d96
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/common/static/common/js/discussion/utils.js b/common/static/common/js/discussion/utils.js
@@ -370,7 +370,8 @@
         var RE_DISPLAYMATH = /^([^\$]*?)\$\$([^\$]*?)\$\$(.*)$/m,
             RE_INLINEMATH = /^([^\$]*?)\$([^\$]+?)\$(.*)$/m,
             ESCAPED_DOLLAR = '@@ESCAPED_D@@',
-            ESCAPED_BACKSLASH = '@@ESCAPED_B@@';
+            ESCAPED_BACKSLASH = '@@ESCAPED_B@@',
+            LATEX_SCRIPT = '\{javascript\:(.+?)\}';
 
         /**
          * Formats math and code chunks
@@ -417,6 +418,7 @@
                 return processor(('\\begin{' + $1 + '}') + $2 + ('\\end{' + $1 + '}'));
             });
             htmlString = htmlString.replace(new RegExp(ESCAPED_BACKSLASH, 'g'), '\\\\\\\\');
+            htmlString = htmlString.replace(new RegExp(LATEX_SCRIPT, 'g'), '{}');
             $div = edx.HtmlUtils.setHtml($('<div>'), edx.HtmlUtils.HTML(htmlString));
             $div.find('code').each(function(index, code) {
                 edx.HtmlUtils.setHtml(