Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-22 08:20:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape system message, don't allow editing system messages

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-01-19 22:20:43 -05:00
parent c8fb7f9246
commit 6a63c1a100
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/messaging/data.js
View File

@@ -1,5 +1,7 @@
'use strict';
const validator = require('validator');
var db = require('../database');
var user = require('../user');
var utils = require('../utils');
@@ -79,6 +81,7 @@ module.exports = function (Messaging) {
messages = await Promise.all(messages.map(async (message) => {
if (message.system) {
message.content = validator.escape(String(message.content));
return message;
}