mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-26 16:46:12 +01:00
fix: potential for XSS here
This commit is contained in:
Andrew Rodrigues
GitHub
@@ -691,6 +691,7 @@
|
|||||||
},
|
},
|
||||||
|
|
||||||
urlToLocation: function (url) {
|
urlToLocation: function (url) {
|
||||||
|
url = encodeURI(url);
|
||||||
return $('<a href="' + url + '" />')[0];
|
return $('<a href="' + url + '" />')[0];
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user