Merge pull request #455 from ohaal/master

Fix XSS vulnerability
Mattias Erming 2015-09-18 22:06:05 +02:00
commit e0e20e5eef
2 changed files with 2 additions and 2 deletions


@ -160,7 +160,7 @@ templates['toggle'] = template({"1":function(depth0,helpers,partials,data) {
stack1 = helpers['if'].call(depth0, (depth0 != null ? depth0.thumb : depth0), {"name":"if","hash":{},"fn":this.program(5, data),"inverse":this.noop,"data":data}); stack1 = helpers['if'].call(depth0, (depth0 != null ? depth0.thumb : depth0), {"name":"if","hash":{},"fn":this.program(5, data),"inverse":this.noop,"data":data});
if (stack1 != null) { buffer += stack1; } if (stack1 != null) { buffer += stack1; }
buffer += " <div class=\"head\">"; buffer += " <div class=\"head\">";
stack1 = ((helper = (helper = helpers.head || (depth0 != null ? depth0.head : depth0)) != null ? helper : helperMissing),(typeof helper === functionType ? helper.call(depth0, {"name":"head","hash":{},"data":data}) : helper)); stack1 = ((helpers.parse || (depth0 && depth0.parse) || helperMissing).call(depth0, (depth0 != null ? depth0.head : depth0), {"name":"parse","hash":{},"data":data}));
if (stack1 != null) { buffer += stack1; } if (stack1 != null) { buffer += stack1; }
return buffer + "</div>\n <div class=\"body\">\n " return buffer + "</div>\n <div class=\"body\">\n "
+ escapeExpression(((helper = (helper = helpers.body || (depth0 != null ? depth0.body : depth0)) != null ? helper : helperMissing),(typeof helper === functionType ? helper.call(depth0, {"name":"body","hash":{},"data":data}) : helper))) + escapeExpression(((helper = (helper = helpers.body || (depth0 != null ? depth0.body : depth0)) != null ? helper : helperMissing),(typeof helper === functionType ? helper.call(depth0, {"name":"body","hash":{},"data":data}) : helper)))


@ -9,7 +9,7 @@
{{#if thumb}} {{#if thumb}}
<img src="{{thumb}}" class="thumb"> <img src="{{thumb}}" class="thumb">
{{/if}} {{/if}}
<div class="head">{{{head}}}</div> <div class="head">{{{parse head}}}</div>
<div class="body"> <div class="body">
{{body}} {{body}}
</div> </div>
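Review bot: The triple-stash on the `<div class="head">` line still writes its result into the page unescaped, so this fix is only as strong as the `parse` helper, which is not shown in this commit. Going by the commit title, the new side is `{{{parse head}}}`; for the fix to hold, the helper has to HTML-escape `head` before it adds any markup of its own. A regression test that passes it a value containing markup (for example `<b>`) and checks that the output is escaped would pin that. I would also add a template comment directly above the line, such as `{{!-- raw output: parse must HTML-escape head before adding markup --}}`, so the dependency is visible to the next editor. The compiled template in the other file section carries the same change and needs no separate edit.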