mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 15:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

export: Don't leak writeable pad ID when exporting

Browse source 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
This commit is contained in:
webzwo0i 2021-06-29 19:13:10 +02:00 committed by Richard Hansen
parent 58bd96ce8f
commit dbd76f0c5d
4 changed files with 30 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/node/utils/ExportHtml.js
View file

@ -457,7 +457,7 @@ const getHTMLFromAtext = async (pad, atext, authorColors) => {
return pieces.join('');
};
exports.getPadHTMLDocument = async (padId, revNum) => {
exports.getPadHTMLDocument = async (padId, revNum, readOnlyId) => {
const pad = await padManager.getPad(padId);
// Include some Styles into the Head for Export
@ -475,7 +475,7 @@ exports.getPadHTMLDocument = async (padId, revNum) => {
return eejs.require('ep_etherpad-lite/templates/export_html.html', {
body: html,
padId: Security.escapeHTML(padId),
padId: Security.escapeHTML(readOnlyId || padId),
extraCSS: stylesForExportCSS,
});
};