While updating to the latest commit


(@SenpaiMass) #1

discourse (5a77f55)

getting this strike thing on discourse via /admin/upgrade

Should i be worried?


Now in master: ES6 Modules + Text Rendering
(Robin Ward) #2

Weird, I haven’t seen this before. Is it working otherwise?


(@SenpaiMass) #3

yes it is working well and good. But the strike through on the docker upgrade got me worried.


(Robin Ward) #4

Probably not anything to be concerned about. I just did an update and didn’t see the same thing - I wonder if something random in the console screwed up the markup somehow. I’ll leave this open for a short while to see if anyone else can reproduce / confirm it.


(Joe Seyfried) #5

Yeah, started here:

(Paging captain obvious… :wink: )


(gauthier) #6

Hello,

Same here:


(Freso) #7

Heh. I came here to report the same thing. Looks like HTML isn’t properly escaped. I doubt anyone will be able to get an exploit into the commit messages (and if they are, we likely have bigger things to worry about), but it might still be nice to fix this. :slight_smile:


(Joe Seyfried) #8

I think the problem is clear now: the commit text mentioned that <strike> wasn’t whitelisted, so after the , all the messages got stricken… :wink:

Question is, is there a clever way to prevent such behaviour in the future? Especially if we’re dealing with a commit that fixes </html>? The alternative being: wait for the next commit which will fix this problem. :smiley:

@Freso was a tad faster. :slight_smile:


(Robin Ward) #10

Thanks for the help everyone! Here’s a fix to the escaping issue:


(Robin Ward) #11