From d1debecd0bb8b7ad1837be342923be587209bcc6 Mon Sep 17 00:00:00 2001
From: evazion
Date: Tue, 21 Mar 2017 17:15:58 -0500
Subject: [PATCH] Fix XSS in post thumbnail data attributes.
---
 app/presenters/post_presenter.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb
index f305e4eb9..6290bef43 100644
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -88,8 +88,8 @@ class PostPresenter < Presenter
 data-file-url="#{post.file_url}"
 data-large-file-url="#{post.large_file_url}"
 data-preview-file-url="#{post.preview_file_url}"
- data-source="#{post.source}"
- data-normalized-source="#{post.normalized_source}"
+ data-source="#{h(post.source}"
+ data-normalized-source="#{h(post.normalized_source)}"
 }.html_safe
 end
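Review bot: The added `data-source` line never closes the `h(` call (`#{h(post.source}`), so as written the interpolation cannot parse and the escaping fix for that attribute does not take effect; it should read `data-source="#{h(post.source)}"`, matching the `data-normalized-source` line below it. The three URL attributes in the context lines (`data-file-url`, `data-large-file-url`, `data-preview-file-url`) are still interpolated unescaped into a string that is then marked `.html_safe`. If any part of those values can be influenced by an uploader they need `h(...)` as well, and building the element with a tag helper that escapes every attribute would remove the need to remember it per line. The enclosing method starts above the hunk, so the attributes before line 88 could not be checked from here.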