@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Fix XSS in Ponder

Summary: See rP883829e6676fc3412b83b6ab16f7bf5b56b174b8

Test Plan: Verified no XSS with a title like `<b>!</b>`.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4534

+1 -1
src/applications/ponder/view/PonderUserProfileView.php
··· 84 84 array( 85 85 'href' => '/Q'.$question->getID(), 86 86 ), 87 - self::abbreviate($question->getTitle())))); 87 + phutil_escape_html(self::abbreviate($question->getTitle()))))); 88 88 89 89 $view->addItem($item); 90 90 }
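Review bot: on new line 87 the escaping is applied at this one call site only, so any other place in PonderUserProfileView.php that outputs `self::abbreviate(...)` or other user-supplied text remains unescaped unless it gets the same wrapper. The rest of the file is not visible in this hunk and is worth checking before landing. The order used here, `phutil_escape_html()` around `self::abbreviate()`, is the correct one, because truncating after escaping could cut an entity such as `&lt;` in half. The test plan covers a title like `<b>!</b>`; a title that contains markup and is long enough to be abbreviated would also exercise the truncation path.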