mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 11:55:03 +03:00
🐛Fixed XSS vulnerability involving post excerpts (#17190)
closes https://github.com/TryGhost/Ghost/issues/17058 - Uses the lodash `escape` function. - Avoids XSS vulnerabilities in post excerpts.
This commit is contained in:
parent
b2a429437e
commit
dc7e2b9261
@ -22,6 +22,8 @@ module.exports = function excerpt(options) {
|
|||||||
} else {
|
} else {
|
||||||
excerptText = '';
|
excerptText = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
excerptText = _.escape(excerptText);
|
||||||
|
|
||||||
truncateOptions = _.reduce(truncateOptions, (_truncateOptions, value, key) => {
|
truncateOptions = _.reduce(truncateOptions, (_truncateOptions, value, key) => {
|
||||||
if (['words', 'characters'].includes(key)) {
|
if (['words', 'characters'].includes(key)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user