mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 18:13:40 -05:00
Merge pull request #3768 from overleaf/jpa-xss-10
[views] mitigate Angular XSS on password reset page GitOrigin-RevId: 65f423fcb1a3afff0f396bb8e173d1e1bcff056a
This commit is contained in:
parent
8766c23abb
commit
7609b741fa
1 changed files with 3 additions and 2 deletions
|
@ -17,7 +17,7 @@ block content
|
|||
)
|
||||
input(type="hidden", name="_csrf", value=csrfToken)
|
||||
.alert.alert-success(ng-show="passwordResetForm.response.success")
|
||||
| #{translate("password_has_been_reset")}.
|
||||
| #{translate("password_has_been_reset")}.
|
||||
a(href='/login') #{translate("login_here")}
|
||||
div(ng-show="passwordResetForm.response.error == true")
|
||||
div(ng-switch="passwordResetForm.response.status")
|
||||
|
@ -42,11 +42,12 @@ block content
|
|||
autofocus,
|
||||
complex-password
|
||||
)
|
||||
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
|
||||
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
|
||||
input(
|
||||
type="hidden",
|
||||
name="passwordResetToken",
|
||||
value=passwordResetToken
|
||||
ng-non-bindable
|
||||
)
|
||||
.actions
|
||||
button.btn.btn-primary(
|
||||
|
|
Loading…
Reference in a new issue