Fix to sanitize disqus shortnames to remove slashes [Security Issue]

Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
Max Wu 2018-12-28 16:39:13 +08:00 committed by GitHub
parent f9cc2ff0ef
commit b89a35196a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -5,7 +5,7 @@ var disqus_config = function () {
}; };
(function() { (function() {
var d = document, s = d.createElement('script'); var d = document, s = d.createElement('script');
s.src = 'https://<%= disqus %>.disqus.com/embed.js'; s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date()); s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s); (d.head || d.body).appendChild(s);
})(); })();