revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-02-22 19:49:02 +01:00
Code Issues Releases Wiki Activity

Fix XSS in Ponder

Browse source 
Summary: See rP883829e6676fc3412b83b6ab16f7bf5b56b174b8

Test Plan: Verified no XSS with a title like `<b>!</b>`.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4534
This commit is contained in:
epriestley 2013-01-19 09:42:18 -08:00
parent dd5da0fedb
commit 42ee1d0ed6
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/applications/ponder/view/PonderUserProfileView.php
View file

@ -84,7 +84,7 @@ final class PonderUserProfileView extends AphrontView {
array(
'href' => '/Q'.$question->getID(),
),
self::abbreviate($question->getTitle()))));
phutil_escape_html(self::abbreviate($question->getTitle())))));
$view->addItem($item);
}