MDL-67637 core_message: only preview lastmessage text if safe to do so

If any html/script tags are found in the text() value, don't display it.
Jake Dallimore 2020-01-08 14:22:48 +08:00 committed by Sara Arjona
parent f914f99a76
commit 4e80934653
3 changed files with 6 additions and 3 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -223,7 +223,10 @@ function(
// If that's not possible, we'll report it under the catch-all 'other media'.
var messagePreview = $(lastMessage.text).text();
if (messagePreview) {
return messagePreview;
// The text value of the message must have no html/script tags.
if (messagePreview.indexOf('<') == -1) {
return messagePreview;
}
}
}
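
Review bot: the new `if (messagePreview.indexOf('<') == -1)` guard drops the preview silently for any message whose plain text contains a `<`, so a harmless message such as "a < b" now falls through to the 'other media' catch-all described in the comment above. If that trade-off is intended, say so in the code comment, and explain why the output of `.text()` can still contain tags at all (entity-encoded markup in the message is decoded back into literal `<...>` by `.text()`). Escaping the preview where it is rendered would keep previews for such messages without relying on a character blocklist. Note also that `$(lastMessage.text)` on the unchanged line above still hands the raw message to jQuery for parsing before this check runs, so the guard only covers how the preview is displayed, not the parse itself; extracting the text with a parser that builds an inert document would cover both. Minor: prefer `===` over `==` for the comparison, and add a test that covers a message containing encoded tags and one containing a bare `<`.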