作业评论的xss

5 years ago · aba3456560
parent f620ff8bbd
commit aba3456560
1 changed files with 1 additions and 1 deletions
--- a/app/views/graduation_topics/_graduation_comments.json.jbuilder
+++ b/app/views/graduation_topics/_graduation_comments.json.jbuilder
@ -3,7 +3,7 @@ json.author do
 end

 json.id message.id
-json.content message.contents_show(identity)
+json.content content_safe(message.contents_show(identity))
 json.time time_from_now(message.created_at)
 json.hidden message.hidden
 # 主贴与子贴不一致