vdom: Use _.escape for correct HTML escaping.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
Anders Kaseorg
2020-02-13 17:22:17 -08:00
committed by Tim Abbott
parent 8e356368f7
commit e5b70920e5


@@ -37,7 +37,7 @@ exports.render_tag = (tag) => {
*/
const opts = tag.opts;
const tag_name = tag.tag_name;
const attr_str = opts.attrs.map(attr => ' ' + attr[0] + '="' + util.escape_html(attr[1]) + '"').join('');
const attr_str = opts.attrs.map(attr => ' ' + attr[0] + '="' + _.escape(attr[1]) + '"').join('');
const start_tag = '<' + tag_name + attr_str + '>';
const end_tag = '</' + tag_name + '>';
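Review bot: The attribute name `attr[0]` and `tag_name` are still concatenated into the markup unescaped on the new `attr_str` line and on the `start_tag`/`end_tag` lines; `_.escape` protects only the double-quoted attribute value. That is fine if every caller passes fixed, developer-chosen names, but the visible lines do not state it, and the doc comment that ends just above lies outside the hunk. I would put the contract next to the line, e.g. `// attr names and tag_name are inserted verbatim; pass only static, trusted identifiers, never user data`. It is also worth confirming that `_.escape` handles non-string or missing values the same way `util.escape_html` did, since that helper is not shown here. render_tag begins and continues outside this hunk.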