mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-01 22:20:21 +02:00
Code Issues Releases Wiki Activity

Fix encoding of page title. (#3768)

Browse Source
This commit is contained in:
Robert Korulczyk
2023-04-24 19:00:22 +02:00
committed by GitHub
parent accdfde6e1
commit fea31a8290
1 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
framework/core/js/src/common/Application.tsx
View File

@@ -411,22 +411,12 @@ export default class Application {
pageNumber: 1, pageNumber: 1,
}; };
let title = const title =
onHomepage || !this.title onHomepage || !this.title
? extractText(app.translator.trans('core.lib.meta_titles.without_page_title', params)) ? extractText(app.translator.trans('core.lib.meta_titles.without_page_title', params))
: extractText(app.translator.trans('core.lib.meta_titles.with_page_title', params)); : extractText(app.translator.trans('core.lib.meta_titles.with_page_title', params));
title = count + title; document.title = count + title;
// We pass the title through a DOMParser to allow HTML entities
// to be rendered correctly, while still preventing XSS attacks
// from user input by using a script-disabled environment.
// https://github.com/flarum/framework/issues/3514
// https://github.com/flarum/framework/pull/3684
const parser = new DOMParser();
const safeTitle = parser.parseFromString(title, 'text/html').body.innerHTML;
document.title = safeTitle;
} }
protected transformRequestOptions<ResponseType>(flarumOptions: FlarumRequestOptions<ResponseType>): InternalFlarumRequestOptions<ResponseType> { protected transformRequestOptions<ResponseType>(flarumOptions: FlarumRequestOptions<ResponseType>): InternalFlarumRequestOptions<ResponseType> {