author | Victor Shyba <victor.shyba@gmail.com> | 2015-02-03 14:28:42 -0300 |
---|---|---|
committer | Victor Shyba <victor.shyba@gmail.com> | 2015-02-03 14:28:48 -0300 |
commit | ab571c6985a4ef68bade13c2bb2e42a2f014e994 (patch) | |
tree | 30f37a1fb810085e04ba121bbb17591408a9b9ba | |
parent | b2692d94b3968ca82720841a61d4d31e7e253da9 (diff) |
+@kaofelix, for #173. Fix XSS on suggestions
-rw-r--r-- | web-ui/app/js/mail_view/ui/recipients/recipients_input.js | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
index 11c1468c..5b3464f6 100644
--- a/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
+++ b/web-ui/app/js/mail_view/ui/recipients/recipients_input.js
@@ -122,7 +122,10 @@ define([
 highlight: true,
 minLength: 1
 }, {
- source: createEmailCompleter().ttAdapter()
+ source: createEmailCompleter().ttAdapter(),
+ templates: {
+ suggestion: function (o) { return _.escape(o['value']) }
+ }
 });
 }; |
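Review bot: Nothing in this commit pins the escaping with a test: the diffstat shows only recipients_input.js changed, so a later edit to these typeahead options could drop the `templates.suggestion` override and bring back unescaped rendering of completer values without any spec failing. A spec that feeds the input a suggestion whose `value` contains markup and asserts it is rendered as text would guard the fix. The `define([` dependency list lies outside the hunk, so please confirm `_` is in scope in this module; if it is not, the template would throw when the first suggestion is rendered. A short comment above the override, for example `// completer values may contain markup; escape before typeahead inserts the suggestion as HTML`, would record why it exists.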