github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2025-04-08 16:32:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request from sharelatex/sk-sanitize-system-messages

Browse source 
Sanitize display of system messages.
This commit is contained in:
Shane Kilkelly 2018-08-29 09:21:07 +01:00 committed by GitHub
commit 6157db1964
2 changed files with 4 additions and 4 deletions
services/web
app/views/admin
index.pug
public/coffee/main
system-messages.coffee

4
services/web/app/views/admin/index.pug
View file

@ -10,8 +10,8 @@ block content
h1 Admin Panel
tabset(ng-cloak)
tab(heading="System Messages")
each message in systemMessages
.alert.alert-info.row-spaced !{message.content}
each message in systemMessages
.alert.alert-info.row-spaced #{message.content}
hr
form(enctype='multipart/form-data', method='post', action='/admin/messages')
input(name="_csrf", type="hidden", value=csrfToken)

4
services/web/public/coffee/main/system-messages.coffee
View file

@ -6,8 +6,8 @@ define [
App.controller "SystemMessageController", ($scope, $sce) ->
$scope.hidden = $.localStorage("systemMessage.hide.#{$scope.message._id}")
$scope.htmlContent = $sce.trustAsHtml $scope.message.content
$scope.htmlContent = $scope.message.content
$scope.hide = () ->
$scope.hidden = true
$.localStorage("systemMessage.hide.#{$scope.message._id}", true)
$.localStorage("systemMessage.hide.#{$scope.message._id}", true)