Commit 94be6cf8 by stv

Patch XSS vulnerability in Discussions

This ports the upstream patch [1] into our fork. This change is made
manually, instead of cherry-picking, as we currently lack the most
recent changes to the discussions product [2].

We will pick up the recent changes (and patch tests) the next time we
merge from upstream.

[1] https://github.com/edx/edx-platform/commit/58553a7fb8fbc33dfd40c8e7ca39b0f896fb5b32
[2] https://github.com/edx/edx-platform/commit/988e4e6da5bf5f8db1cb269a82cc272c6d73ed72
parent 632ef253
...@@ -45,7 +45,7 @@ if Backbone? ...@@ -45,7 +45,7 @@ if Backbone?
expandPost: (event) => expandPost: (event) =>
@$el.addClass('expanded') @$el.addClass('expanded')
@$el.find('.post-body').html(@model.get('body')) @$el.find('.post-body').text(@model.get('body'))
@showView.convertMath() @showView.convertMath()
@$el.find('.expand-post').css('display', 'none') @$el.find('.expand-post').css('display', 'none')
@$el.find('.collapse-post').css('display', 'block') @$el.find('.collapse-post').css('display', 'block')
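Review bot: in expandPost, the unchanged `@showView.convertMath()` call runs immediately after the new `.text(@model.get('body'))` line, and nothing in this hunk shows how it treats the content of `.post-body`. Please confirm it does not read the escaped text back and re-insert it as HTML, which would undo the escaping this line adds. Since the upstream tests are deferred to the next merge, a small spec here that expands a post whose body contains markup and asserts it appears as literal text would guard against a regression in the meantime.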
...@@ -60,7 +60,7 @@ if Backbone? ...@@ -60,7 +60,7 @@ if Backbone?
if postTop < curScroll if postTop < curScroll
$('html, body').animate({scrollTop: postTop}) $('html, body').animate({scrollTop: postTop})
@$el.removeClass('expanded') @$el.removeClass('expanded')
@$el.find('.post-body').html(@model.get('abbreviatedBody')) @$el.find('.post-body').text(@model.get('abbreviatedBody'))
@showView.convertMath() @showView.convertMath()
@$el.find('.expand-post').css('display', 'block') @$el.find('.expand-post').css('display', 'block')
@$el.find('.collapse-post').css('display', 'none') @$el.find('.collapse-post').css('display', 'none')
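Review bot: the collapse path repeats the `.html()` to `.text()` change from expandPost, this time for `@model.get('abbreviatedBody')`, so the safe rendering of `.post-body` now depends on two separate call sites staying in sync. Consider moving the assignment into one small helper that both handlers call, with a comment stating that the body is user-supplied and must be set with `.text()`, so a later edit to one handler cannot quietly bring `.html()` back.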
......