Unverified Commit 02229c67 authored by Thomas Citharel

Fix an XSS in the result graph


Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent e0028dc8
......@@ -73,6 +73,10 @@ function smarty_modifier_addslashes_single_quote($string) {
return addcslashes($string, '\\\'');
}
function smarty_modifier_addslashes($string) {
return addslashes($string);
}
function smarty_modifier_html($html) {
return Utils::htmlEscape($html);
}
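Review bot: addslashes() in the new smarty_modifier_addslashes() is not a JavaScript string escaper. It backslash-escapes only single quotes, double quotes, backslashes and NUL, so line breaks and a closing script tag in the input pass through unchanged. If this modifier is intended for values written into inline script, consider returning json_encode($string, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) and letting it emit the quotes itself. Otherwise, add a docblock stating which output contexts the modifier is safe for, since its name sits next to smarty_modifier_html() and is easy to reach for in the wrong place.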
......
......@@ -282,7 +282,7 @@
});
var cols = [
{foreach $slots as $id=>$slot}
$('<div/>').html('{$slot->title|markdown:true}').text(),
"{$slot->title|markdown:true|addslashes}",
{/foreach}
];
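Review bot: in the cols array, "{$slot->title|markdown:true|addslashes}" is only safe if markdown:true can never emit a newline or a closing script tag, and nothing in this hunk shows that. A newline would break the string literal, and addslashes does not neutralise the tag. The entry also no longer goes through $('<div/>').html(...).text(), so any HTML entities or tags produced by markdown:true now reach the graph labels undecoded. Please confirm that the code consuming cols inserts the labels as text rather than as HTML, and add a test with a slot title containing quotes, a backslash, an ampersand and a line break.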
......