Fixed security issue in tour

acadet · acadet · commit 782397b7327d · 2014-07-20T19:49:03.000+02:00
diff --git a/app/helpers/VersionHelper.ts b/app/helpers/VersionHelper.ts
@@ -5,7 +5,7 @@ class VersionHelper {
 	//region Fields
 	
 	private static _target : string = 'http://yimello.adriencadet.com/version';
-	private static _version : string = '0.1.1';
+	private static _version : string = '0.1.2';
 
 	//endregion Fields
 	
diff --git a/app/presenters/TourPresenter.ts b/app/presenters/TourPresenter.ts
@@ -123,6 +123,9 @@ class TourPresenter extends YimelloPresenter {
 			return;
 		}
 
+		// Avoid harmful values
+		value = SecurityHelper.disarm(value);
+
 		// Start to build a new tag
 		tag =
 			DOMElement.fromString('<li><p>' + value + '</p></li>');

Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,9 @@ class TourPresenter extends YimelloPresenter {`
`123`	`123`	`return;`
`124`	`124`	`}`
`125`	`125`
	`126`	`+ // Avoid harmful values`
	`127`	`+ value = SecurityHelper.disarm(value);`
	`128`	`+`
`126`	`129`	`// Start to build a new tag`
`127`	`130`	`tag =`
`128`	`131`	`DOMElement.fromString('<li><p>' + value + '</p></li>');`