Merge pull request #13123 from MrPetovan/bug/xss-notifications
Escape notification text in /notifications module
This commit is contained in:
commit
d272cecd55
|
@ -1,4 +1,4 @@
|
|||
|
||||
<div class="notif-item {{if !$item_seen}}unseen{{/if}}" {{if $item_seen}}aria-hidden="true"{{/if}}>
|
||||
<a href="{{$notification.link}}"><img src="{{$notification.image}}" aria-hidden="true" class="notif-image">{{$notification.text nofilter}} <span class="notif-when">{{$notification.ago}}</span></a>
|
||||
<a href="{{$notification.link}}"><img src="{{$notification.image}}" aria-hidden="true" class="notif-image">{{$notification.text}} <span class="notif-when">{{$notification.ago}}</span></a>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue
Block a user