From d240a979ba55295880db78f837baf8c2d5589895 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= Date: Fri, 5 Jan 2018 15:08:00 +0100 Subject: [PATCH] scrollToLinkedComment: Check for valid ObjectID before passing to jQuery --- src/templates/nodes/custom/comment/list_embed.pug | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/templates/nodes/custom/comment/list_embed.pug b/src/templates/nodes/custom/comment/list_embed.pug index bdc1c910..a2c890a3 100644 --- a/src/templates/nodes/custom/comment/list_embed.pug +++ b/src/templates/nodes/custom/comment/list_embed.pug @@ -92,7 +92,9 @@ script. // If there's a comment link in the URL, scroll there function scrollToLinkedComment() { var scrollToId = location.hash; - if (scrollToId.length <= 1) return; + + // Check that it's a valid ObjectID before passing it to jQuery. + if (!/^[a-fA-F0-9]{24}$/.test(scrollToId)) return; $(scrollToId) .addClass('comment-linked')