mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 15:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

The value of all href attributes is escaped.

Browse source
This commit is contained in:
Chad Weider 2012-01-14 14:50:23 -08:00
parent 6e36b59a59
commit 387dd4a48b
4 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
static/js/pad_utils.js
View file

@ -187,7 +187,7 @@ var padutils = {
var startIndex = urls[j][0];
var href = urls[j][1];
advanceTo(startIndex);
pieces.push('<a ', (target ? 'target="' + target + '" ' : ''), 'href="', href.replace(/\"/g, '&quot;'), '">');
pieces.push('<a ', (target ? 'target="' + target + '" ' : ''), 'href="', padutils.escapeHtml(href), '">');
advanceTo(startIndex + href.length);
pieces.push('</a>');
}