From 0529ec16d097ba5ccf8d486bb364f6ecc6257c87 Mon Sep 17 00:00:00 2001
From: Simon Vieille
Date: Mon, 26 Sep 2016 01:41:08 +0200
Subject: [PATCH] [security] XSS injection patch
---
src/Gist/Resources/views/View/revisions.html.twig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Gist/Resources/views/View/revisions.html.twig b/src/Gist/Resources/views/View/revisions.html.twig
index 78bf52b..bcf205f 100644
--- a/src/Gist/Resources/views/View/revisions.html.twig
+++ b/src/Gist/Resources/views/View/revisions.html.twig
@@ -123,7 +123,7 @@ var $pre = $('
')
                         .attr('class', 'brush: diff; syntaxhighlighter')
-                        .html(diffContent);
+                        .text(diffContent);
                                     
                     $('#diff-' + (u + 1).toString()).append($pre);
                 }
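Review bot: The new `.text(diffContent)` call has no comment saying why text insertion is required here, so a later edit could restore `.html()` without noticing that it reopens the injection; I would add `// diffContent comes from gist content: insert as text, never as markup` above the `var $pre` statement. The element is tagged `brush: diff; syntaxhighlighter`, so presumably a highlighter re-renders it after it is appended, and it is worth confirming that the content is still escaped in the highlighted output. The diffstat shows only this template changed, so any other place that renders gist content with `.html()` (not visible in this hunk) would need the same treatment. The enclosing loop body starts and ends outside the hunk.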