fix xss vuln

2018-05-22 14:47:00 -07:00
parent 4b790e163e
commit 0e7349ca48
2 changed files with 2 additions and 2 deletions
--- a/app/assets/javascripts/related_tag.js.erb
+++ b/app/assets/javascripts/related_tag.js.erb
@@ -236,7 +236,7 @@
          if (desc.length > 30) {
            desc = desc.substring(0, 30) + "...";
          }
-          var $del = $("<del/>").html(desc);
+          var $del = $("<del/>").text(desc);
          $ul.append($("<li/>").html($del));
        } else if (text.match(/^ http/)) {
          text = text.substring(1, 1000);