From 5eb173d9cf67967c61c512c7ffedb1cf4a4b5b94 Mon Sep 17 00:00:00 2001
From: Juanfran
Date: Wed, 22 Jul 2015 14:56:36 +0200
Subject: [PATCH] fix issue #3094 - angular code xss in comments
---
 app/partials/common/history/history-activity.jade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/partials/common/history/history-activity.jade b/app/partials/common/history/history-activity.jade
index 85f069f4..ee6152fa 100644
--- a/app/partials/common/history/history-activity.jade
+++ b/app/partials/common/history/history-activity.jade
@@ -15,7 +15,7 @@ div(class!="activity-single <%- mode %>")
 span(translate="COMMENTS.DELETED_INFO", translate-values!="{ user: '<%- deleteCommentUser %>', date: '<%- deleteCommentDate %>'}")
 <% } %>
- .comment.wysiwyg
+ .comment.wysiwyg(ng-non-bindable)
 | <%= comment %>
 <% if (!deleteCommentDate && mode !== "activity" && canDeleteComment) { %>
 a(href="", class="icon icon-delete comment-delete", data-activity-id!="<%- activityId %>")
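Review bot: `ng-non-bindable` on `.comment.wysiwyg` only stops Angular from compiling `{{ }}` inside the comment; the next line still emits `<%= comment %>`, which appears to be the unescaped interpolation form (the attributes use `<%-`), so the markup itself has to arrive already sanitized and nothing in the template says so. I would add a template comment above the element, e.g. `//- ng-non-bindable: comment HTML is user-supplied, Angular must never compile it; assumes the HTML is sanitized upstream`, so the attribute is not dropped in a later cleanup. The `translate-values` attribute two lines up also builds an Angular expression from `deleteCommentUser` with only HTML escaping and sits outside `.comment`, so this change does not cover it; it is worth confirming that value cannot carry quotes or expression syntax. The enclosing `div(class!=…)` block starts before the hunk and the template continues after it, so other user-controlled insertions may exist outside this view.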