archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Fix XSS in Ponder

Browse Source 
Summary: See rP883829e6676fc3412b83b6ab16f7bf5b56b174b8

Test Plan: Verified no XSS with a title like `<b>!</b>`.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4534
This commit is contained in:
epriestley
2013-01-19 09:42:18 -08:00
parent dd5da0fedb
commit 42ee1d0ed6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/applications/ponder/view/PonderUserProfileView.php
View File

@@ -84,7 +84,7 @@ final class PonderUserProfileView extends AphrontView {
array( array(
'href' => '/Q'.$question->getID(), 'href' => '/Q'.$question->getID(),
), ),
self::abbreviate($question->getTitle())))); phutil_escape_html(self::abbreviate($question->getTitle())))));
$view->addItem($item); $view->addItem($item);
} }