mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 03:44:29 +03:00
🐛Fixed XSS vulnerability involving post excerpts (#17190)
closes https://github.com/TryGhost/Ghost/issues/17058 - Uses the lodash `escape` function. - Avoids XSS vulnerabilities in post excerpts.
This commit is contained in:
parent
b2a429437e
commit
dc7e2b9261
@ -22,6 +22,8 @@ module.exports = function excerpt(options) {
|
||||
} else {
|
||||
excerptText = '';
|
||||
}
|
||||
|
||||
excerptText = _.escape(excerptText);
|
||||
|
||||
truncateOptions = _.reduce(truncateOptions, (_truncateOptions, value, key) => {
|
||||
if (['words', 'characters'].includes(key)) {
|
||||
|
Loading…
Reference in New Issue
Block a user