Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-06 18:37:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: improper neutralization of user input in image wrapping code

Browse Source 
(Backport of: 1d1639d46f)
This commit is contained in:
Julian Lam
2023-06-13 14:53:16 -04:00
parent dd5ed9e507
commit 9ec7ab4afc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/src/client/topic/images.js
View File

@@ -24,7 +24,7 @@ define('forum/topic/images', [], function () {
if (!$this.parent().is('a')) {
$this.wrap('<a href="' + src + '" ' +
(!srcExt && altExt ? ' download="' + altFilename + '" ' : '') +
(!srcExt && altExt ? ' download="' + utils.escapeHTML(altFilename) + '" ' : '') +
' target="_blank" rel="noopener">');
}
});