wikimedia/mediawiki-extensions-VisualEditor
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor synced 2024-11-30 17:14:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: ve.ui.MWMediaDialog: Escape plaintext image metadata fields

Browse source 
CVE-2021-44855

Bug: T293589
Change-Id: I691b4065e67c53c4276599c8d16c31ab5591db3a
This commit is contained in:
sbassett 2021-11-16 12:17:18 -06:00 committed by Reedy
parent 5f4d43c0c6
commit 61d9bb77b5
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
modules/ve-mw/ui/dialogs/ve.ui.MWMediaDialog.js
View file

@ -780,9 +780,9 @@ ve.ui.MWMediaDialog.prototype.cleanAPIresponse = function ( rawResponse, config
}
// Check if the string should be truncated
return isTruncated && !config.ignoreCharLimit ?
originalText.substring( 0, charLimit ) + ellipsis :
originalText;
return mw.html.escape( isTruncated && !config.ignoreCharLimit ?
originalText.slice( 0, charLimit ) + ellipsis :
originalText );
};
/**