authorVictor Shyba <victor.shyba@gmail.com>2015-02-03 14:28:42 -0300
committerVictor Shyba <victor.shyba@gmail.com>2015-02-03 14:28:48 -0300
commitab571c6985a4ef68bade13c2bb2e42a2f014e994 (patch)
tree30f37a1fb810085e04ba121bbb17591408a9b9ba
parentb2692d94b3968ca82720841a61d4d31e7e253da9 (diff)
+@kaofelix, for #173. Fix XSS on suggestions
-rw-r--r--web-ui/app/js/mail_view/ui/recipients/recipients_input.js5
1 files changed, 4 insertions, 1 deletions
diff --git a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
index 11c1468c..5b3464f6 100644
--- a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
+++ b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
@@ -122,7 +122,10 @@ define([
highlight: true,
minLength: 1
}, {
- source: createEmailCompleter().ttAdapter()
+ source: createEmailCompleter().ttAdapter(),
+ templates: {
+ suggestion: function (o) { return _.escape(o['value']) }
+ }
});
};
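Review bot: The new `suggestion` template is the only escaping between a completer result and the dropdown markup, but nothing at that line says so, and the diffstat shows no spec added alongside it. I would put a comment above `templates:` such as `// render the address as text: completer values are untrusted and must not reach the dropdown as HTML (#173)`, and add a spec asserting that a suggestion whose value contains markup is displayed as literal text. The escape also relies on `_` being bound in this module; the `define([` dependency list is outside the hunk, so confirm it is declared there rather than picked up as a global. Minor style: use dot access and terminate the statement, `return _.escape(o.value);`. Whether other code that renders the chosen recipient address applies the same escaping cannot be seen from this hunk and is worth checking.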