[Backport] prevent template injection

stable
Juanfran 2016-05-23 11:02:47 +02:00
parent 8f37cd848f
commit 67af8c8dc8
1 changed files with 5 additions and 1 deletions


@ -130,10 +130,14 @@ class UserTimelineItemTitle
_getLink: (url, text, title) -> _getLink: (url, text, title) ->
title = title || text title = title || text
span = $('<span>')
.attr('ng-non-bindable', true)
.text(text)
return $('<a>') return $('<a>')
.attr('tg-nav', url) .attr('tg-nav', url)
.text(text)
.attr('title', title) .attr('title', title)
.append(span)
.prop('outerHTML') .prop('outerHTML')
_getUsernameSpan: (text) -> _getUsernameSpan: (text) ->
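Review bot: The `title` attribute in `_getLink` still carries the same untrusted string on the `<a>`, which sits outside the new `ng-non-bindable` span, so if this HTML is later compiled by Angular (the commit's premise suggests it is, though the call site is not visible here) interpolation markers in `title` would still be evaluated. Consider moving it into the span chain, i.e. `.attr('title', title)` right after `.attr('ng-non-bindable', true)`, and dropping it from the anchor; `ng-non-bindable` cannot go on the anchor itself without also disabling `tg-nav`. The `url` written into `tg-nav` deserves the same check if it can ever contain user-controlled text. `_getUsernameSpan` only begins on the last line of the hunk and its body is outside it, so whether it needs the same treatment cannot be judged from here.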