Fix injection vulnerability and jquery path in applying link flair.

Logan Hanks
2013-07-23 14:09:15 -07:00
committed by Max Goodman
parent fdf072b38a
commit 5c3b86b396


@@ -3024,13 +3024,14 @@ class ApiController(RedditController, OAuth2ResourceController):
# Push some client-side updates back to the browser.
jquery('.id-%s .entry .linkflair' % link._fullname).remove()
jquery('.id-%s .entry .linkflairlabel' % link._fullname).remove()
title_path = '.id-%s .entry > .title > .title' % link._fullname
# TODO: move this to a template
if flair_template:
flair = '<span class="linkflair %s">%s</span>' % (
' '.join('linkflair-' + c for c in css_class.split()), text)
flair = '<span class="linkflairlabel %s">%s</span>' % (
' '.join('linkflair-' + c for c in css_class.split()),
websafe(text))
if site.link_flair_position == 'left':
jquery(title_path).before(flair)
elif site.link_flair_position == 'right':