Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: improper neutralization of user input in image wrapping code

Browse Source
This commit is contained in:
Julian Lam
2023-06-13 11:55:13 -04:00
parent c5cd76e798
commit 1d1639d46f
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
public/src/client/topic/images.js
View File

@@ -26,8 +26,9 @@ define('forum/topic/images', [], function () {
const srcExt = src.split('.').slice(1).pop();
const altFilename = alt.split('/').pop();
const altExt = altFilename.split('.').slice(1).pop();
imageEl.wrap('<a href="' + src + '" ' +
(!srcExt && altExt ? ' download="' + altFilename + '" ' : '') +
(!srcExt && altExt ? ' download="' + utils.escapeHTML(altFilename) + '" ' : '') +
' target="_blank" rel="noopener">');
}
};