github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2025-01-28 23:42:30 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3723 from overleaf/as-fix-team-invite-xss

Browse source 
Prevent stored XSS on team invite page

GitOrigin-RevId: 0f79b96efcb86d121654a95da52da1c40550d3ae
This commit is contained in:
Alasdair Smith 2021-03-04 14:22:34 +00:00 committed by Copybot
parent 869bdf89e0
commit dc9841cb69
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/web/app/views/subscriptions/team/invite.pug
View file

@ -18,7 +18,7 @@ block content
.col-md-8.col-md-offset-2.text-center(ng-cloak)
.card(ng-controller="TeamInviteController")
.page-header
h1.text-centered #{translate("invited_to_group", {inviterName: inviterName, appName: appName})}
h1.text-centered(ng-non-bindable) #{translate("invited_to_group", {inviterName: inviterName, appName: appName})}
div(ng-show="view =='hasIndividualRecurlySubscription'")
p #{translate("cancel_personal_subscription_first")}
@ -36,6 +36,6 @@ block content
a.btn.btn.btn-primary(ng-click="joinTeam()", ng-disabled="inflight") #{translate("accept_invitation")}
div(ng-show="view =='inviteAccepted'")
p #{translate("joined_team", {inviterName: inviterName})}
p(ng-non-bindable) #{translate("joined_team", {inviterName: inviterName})}
p
a.btn.btn.btn-primary(href="/project") #{translate("done")}