ui_report: Fix HTML escaping of &.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
Anders Kaseorg
2019-12-12 16:41:59 -08:00
committed by Tim Abbott
parent c0822739d0
commit b3caa79f35


@@ -21,20 +21,11 @@ exports.message = function (response, status_box, cls, remove_after) {
status_box.addClass("show");
};
function escape(html) {
return html
.toString()
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}
exports.error = function (response, xhr, status_box) {
if (xhr && xhr.status.toString().charAt(0) === "4") {
// Only display the error response for 4XX, where we've crafted
// a nice response.
const server_response = escape(JSON.parse(xhr.responseText).msg);
const server_response = _.escape(JSON.parse(xhr.responseText).msg);
if (response) {
response += ": " + server_response;
} else {
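Review bot: The new line `const server_response = _.escape(JSON.parse(xhr.responseText).msg);` still parses the body unguarded, so a 4XX response whose body is not JSON would throw inside the error handler before the status box is updated. Such a body could come from something other than the application, though that is an assumption from here. Consider guarding the parse and falling back to the caller's `response` text alone, e.g. `let msg = ""; try { msg = JSON.parse(xhr.responseText).msg; } catch (e) { /* non-JSON error body */ }` followed by `const server_response = _.escape(msg);`. Separately, only the server text is escaped while `response` is concatenated as given, so if the result is rendered as HTML (the rendering is outside this hunk), a short comment such as `// response must be trusted or already-escaped markup` would document the contract for callers. The body of `exports.error` continues past the end of the hunk.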