mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-28 19:10:57 -05:00
Fix to sanitize disqus shortnames to remove slashes [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
parent
f9cc2ff0ef
commit
b89a35196a
1 changed files with 1 additions and 1 deletions
|
@ -5,7 +5,7 @@ var disqus_config = function () {
|
||||||
};
|
};
|
||||||
(function() {
|
(function() {
|
||||||
var d = document, s = d.createElement('script');
|
var d = document, s = d.createElement('script');
|
||||||
s.src = 'https://<%= disqus %>.disqus.com/embed.js';
|
s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
|
||||||
s.setAttribute('data-timestamp', +new Date());
|
s.setAttribute('data-timestamp', +new Date());
|
||||||
(d.head || d.body).appendChild(s);
|
(d.head || d.body).appendChild(s);
|
||||||
})();
|
})();
|
||||||
|
|
Loading…
Reference in a new issue