discourse (5a77f55)
getting this strike thing on discourse via /admin/upgrade
Should i be worried?
Weird, I haven’t seen this before. Is it working otherwise?
yes it is working well and good. But the strike through on the docker upgrade got me worried.
Probably not anything to be concerned about. I just did an update and didn’t see the same thing - I wonder if something random in the console screwed up the markup somehow. I’ll leave this open for a short while to see if anyone else can reproduce / confirm it.
Yeah, started here:
(Paging captain obvious… )
Heh. I came here to report the same thing. Looks like HTML isn’t properly escaped. I doubt anyone will be able to get an exploit into the commit messages (and if they are, we likely have bigger things to worry about), but it might still be nice to fix this.
I think the problem is clear now: the commit text mentioned that <strike>
wasn’t whitelisted, so after the , all the messages got stricken…
Question is, is there a clever way to prevent such behaviour in the future? Especially if we’re dealing with a commit that fixes </html>
? The alternative being: wait for the next commit which will fix this problem.
@Freso was a tad faster.
Thanks for the help everyone! Here’s a fix to the escaping issue:
https://github.com/discourse/docker_manager/commit/82c061a5bc4a793dfd919e7271a2c6660b41f917