mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 16:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

The value of all href attributes is escaped.

Browse source
This commit is contained in:
Chad Weider 2012-01-14 14:50:23 -08:00
parent 6e36b59a59
commit 387dd4a48b
4 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
node/utils/ExportHtml.js
View file

@ -292,7 +292,7 @@ function getHTMLFromAtext(pad, atext)
var url = urlData[1];
var urlLength = url.length;
processNextChars(startIndex - idx);
assem.append('<a href="' + url.replace(/\"/g, '&quot;') + '">');
assem.append('<a href="' + _escapeHTML(url) + '">');
processNextChars(urlLength);
assem.append('</a>');
});