mirror of
https://github.com/zulip/zulip.git
synced 2025-10-23 04:52:12 +00:00
3ca131743b
Commit 903dbda79b (#25370) introduced a
cross-site scripting vulnerability in the tooltips for the stream and
topic in the recipient bar. An attacker who can send messages could
maliciously craft a topic for the message, such that a victim who
hovers the tooltip for that topic in their message feed triggers
execution of JavaScript code controlled by the attacker.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
3 lines
41 B
Handlebars
3 lines
41 B
Handlebars
{{content}}
|
|
{{tooltip_hotkey_hints "S"}}
|