Skip to content

Commit

Permalink
SECURITY: ve.ui.MWMediaDialog: Escape plaintext image metadata fields
Browse files Browse the repository at this point in the history 
CVE-2021-44855

Bug: T293589
Change-Id: I691b4065e67c53c4276599c8d16c31ab5591db3a
  • Loading branch information
@sbassett29 @reedy
sbassett29 authored and reedy committed Dec 15, 2021
1 parent ff22ddd commit 839b64d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/ve-mw/ui/dialogs/ve.ui.MWMediaDialog.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -788,9 +788,9 @@ ve.ui.MWMediaDialog.prototype.cleanAPIresponse = function ( rawResponse, config
}

// Check if the string should be truncated
return isTruncated && !config.ignoreCharLimit ?
return mw.html.escape( isTruncated && !config.ignoreCharLimit ?
originalText.slice( 0, charLimit ) + ellipsis :
originalText;
originalText );
};

/**
Expand Down

0 comments on commit 839b64d

Please sign in to comment.