ace.js: use URL encoding when building an URL via string concatenation

Not performing encoding/decoding when traversing logical domains is a security
risk.
String concatenation is not great, too, but this change is just focused on
allowing the implementation of skin support.
pull/3475/head
muxator 2018-08-26 02:40:36 +02:00
parent 2cc32d7fe9
commit 6c56e7ca7a
1 changed files with 1 additions and 1 deletions

View File

@ -186,7 +186,7 @@ function Ace2Editor()
}
for (var i = 0, ii = remoteFiles.length; i < ii; i++) {
var file = remoteFiles[i];
buffer.push('<link rel="stylesheet" type="text/css" href="' + file + '"\/>');
buffer.push('<link rel="stylesheet" type="text/css" href="' + encodeURI(file) + '"\/>');
}
}