Authored By
sbassett
Oct 18 2021, 7:11 PM
Size
1 KB
Referenced Files
None
Subscribers
None

01-T293556.patch

From c73d48de269faa7867827a9c340c8a9c4b01d7fc Mon Sep 17 00:00:00 2001
From: sbassett <sbassett@wikimedia.org>
Date: Mon, 18 Oct 2021 14:09:29 -0500
Subject: [PATCH] SECURITY: html-escape caption field data within mustache
template
Bug: T293556
---
templates/filepage/CaptionsPanel.mustache+dom | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/filepage/CaptionsPanel.mustache+dom b/templates/filepage/CaptionsPanel.mustache+dom
index c6fe17b9..9b928736 100644
--- a/templates/filepage/CaptionsPanel.mustache+dom
+++ b/templates/filepage/CaptionsPanel.mustache+dom
@@ -5,7 +5,7 @@
<div class="wbmi-entityview-caption"{{^show}} style="display: none;"{{/show}}>
<div class="wbmi-language-label">{{{language}}}</div>
<div class="wbmi-caption-value{{#empty}} wbmi-entityview-emptyCaption{{/empty}}" dir="{{textDirection}}" lang="{{langCode}}">
- {{{caption}}}
+ {{caption}}
{{#inputError}}<div class="wbmi-caption-publishError">{{{inputError}}}</div>{{/inputError}}
{{#inputWarning}}<div class="wbmi-caption-publishWarning">{{inputWarning}}</div>{{/inputWarning}}
</div>
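Review bot: the unchanged context lines in this hunk still emit `{{{language}}}` and `{{{inputError}}}` with triple braces, so those two values are written into the DOM unescaped even after `{{caption}}` is fixed. Please confirm that both are always built from trusted, already-escaped HTML and can never carry user-supplied text. If that cannot be guaranteed, switch them to the double-brace form in this same patch, as was already done for `{{inputWarning}}`. Also check every caller that populates `caption`: any code path that previously passed pre-escaped text or markup (for example a placeholder for the `empty` state) will now be escaped a second time and shown literally. A regression test that renders a caption containing markup and asserts it appears as text would make the fix verifiable.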
--
2.30.2

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9209594
Default Alt Text
01-T293556.patch (1 KB)
