Commit 069ca58

author
joeltaylor
committed
Escape comment body
1 parent 8a0ed4e commit 069ca58

1 file changed

+2
-0
lines changed

server/routes/news.js

Lines changed: 2 additions & 0 deletions
@@ -244,8 +244,10 @@ router.
244244
post('/:slug([a-zA-Z0-9_.-]+)/comment', cookieParser, ensureAuthenticated, parseForm, expressValidator(), csrfProtection, buildComment, function(req, res) {
245245
// TODO: Perhaps this should be done in the buildComment()?
246246
req.sanitize('body').trim();
247+
req.sanitize('body').escape();
247248
req.check('body').notEmpty();
248249

250+
249251
var errors = req.validationErrors();
250252

251253
if (errors) {
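
Review bot: The new `req.sanitize('body').escape();` at line 247 runs inside the final handler, but `buildComment` sits earlier in the middleware chain, so if `buildComment` has already copied the body into the comment object, the escaped value never reaches what gets saved. Please confirm the stored comment is built from the value after this line, or move both the trim and the escape into `buildComment` as the TODO above suggests. Escaping on input also means the stored text is HTML-entity encoded: a template that escapes on output would then show entities twice, and any non-HTML consumer of the comment receives the encoded form, so consider storing the raw text and encoding at render time instead. The added blank line at 250 is unrelated whitespace and can be dropped.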
