Merge branch 'cherry-pick-dc2ac993' into 'security-9-2'

Escapes html content before appending it to the DOM See merge request !2107
author: DJ Mountney <david@twkie.net> 2017-06-08 19:48:10 +0300
committer: DJ Mountney <david@twkie.net> 2017-06-08 19:48:10 +0300
commit: 7113b1a45bd29318c3ec5ea5f61b1d523868ef4d (patch)
tree: 94d5b473f9db263c5ac2a81791531c0444819163 /app/assets/javascripts/notes.js
parent: e9002222a0fc65e4e3328c7c536e43516986eb40 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/notes.js b/app/assets/javascripts/notes.js
index 929965de5c1..b0143b12cfe 100644
--- a/app/assets/javascripts/notes.js
+++ b/app/assets/javascripts/notes.js
@@ -1478,7 +1478,7 @@ const normalizeNewlines = function(str) {
       const cachedNoteBodyText = $noteBodyText.html();
 
       // Show updated comment content temporarily
-      $noteBodyText.html(formContent);
+      $noteBodyText.html(_.escape(formContent));
       $editingNote.removeClass('is-editing fade-in-full').addClass('being-posted fade-in-half');
       $editingNote.find('.note-headline-meta a').html('<i class="fa fa-spinner fa-spin" aria-label="Comment is being updated" aria-hidden="true"></i>');
 
@@ -1491,7 +1491,7 @@ const normalizeNewlines = function(str) {
         })
         .fail(() => {
           // Submission failed, revert back to original note
-          $noteBodyText.html(cachedNoteBodyText);
+          $noteBodyText.html(_.escape(cachedNoteBodyText));
           $editingNote.removeClass('being-posted fade-in');
           $editingNote.find('.fa.fa-spinner').remove();
author	DJ Mountney <david@twkie.net>	2017-06-08 19:48:10 +0300
committer	DJ Mountney <david@twkie.net>	2017-06-08 19:48:10 +0300
commit	7113b1a45bd29318c3ec5ea5f61b1d523868ef4d (patch)
tree	94d5b473f9db263c5ac2a81791531c0444819163 /app/assets/javascripts/notes.js
parent	e9002222a0fc65e4e3328c7c536e43516986eb40 (diff)