mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor
synced 2024-11-15 10:35:48 +00:00
SECURITY: ve.ui.MWMediaDialog: Escape plaintext image metadata fields
CVE-2021-44855 Bug: T293589 Change-Id: I691b4065e67c53c4276599c8d16c31ab5591db3a
This commit is contained in:
parent
ff22ddd7a8
commit
839b64d882
|
@ -788,9 +788,9 @@ ve.ui.MWMediaDialog.prototype.cleanAPIresponse = function ( rawResponse, config
|
|||
}
|
||||
|
||||
// Check if the string should be truncated
|
||||
return isTruncated && !config.ignoreCharLimit ?
|
||||
return mw.html.escape( isTruncated && !config.ignoreCharLimit ?
|
||||
originalText.slice( 0, charLimit ) + ellipsis :
|
||||
originalText;
|
||||
originalText );
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue