status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix fretboard title xss issue 

Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
This commit is contained in:
Yukai Huang 2020-12-21 14:25:47 +08:00
parent 26a2c746d3
commit 5fee551d69
No known key found for this signature in database
GPG Key ID: A76CBD50B22052C0
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package-lock.json generated
View File

@ -5404,7 +5404,7 @@
"integrity": "sha512-+eqpz5j8WONSzxmc4avCN4XX/6q5+J6JfWz2AaluZIOVNgXPxUjXBhKS73+nRhM3nE1pGeRMqkyZevTQWgYTTw==", "integrity": "sha512-+eqpz5j8WONSzxmc4avCN4XX/6q5+J6JfWz2AaluZIOVNgXPxUjXBhKS73+nRhM3nE1pGeRMqkyZevTQWgYTTw==",
"dev": true "dev": true
}, },
"dictionary-en-gb": { "dictionary-en-gb": {
"version": "2.2.2", "version": "2.2.2",
"resolved": "https://registry.npmjs.org/dictionary-en-gb/-/dictionary-en-gb-2.2.2.tgz", "resolved": "https://registry.npmjs.org/dictionary-en-gb/-/dictionary-en-gb-2.2.2.tgz",
"integrity": "sha512-36Pz/2BGmJfXtAo5+IGOi+U6gwtxFsFXFJMOX0FC1z2YeLd1IXkxsfAhieC06OrdGie3SqCZmUOYeYgct5Hzzw==", "integrity": "sha512-36Pz/2BGmJfXtAo5+IGOi+U6gwtxFsFXFJMOX0FC1z2YeLd1IXkxsfAhieC06OrdGie3SqCZmUOYeYgct5Hzzw==",

3
public/js/lib/renderer/fretboard/fretboard.js
View File

@ -1,4 +1,5 @@
/* global $ */ /* global $ */
import escapeHTML from 'lodash/escape'
import './css/i.css' import './css/i.css'
import dotEmpty from './svg/dotEmpty.svg' import dotEmpty from './svg/dotEmpty.svg'
@ -41,7 +42,7 @@ export const renderFretBoard = (content, { title: fretTitle = '', type = '' }) =
const fretboardHTML = $(`<div class="${containerClass}"></div>`) const fretboardHTML = $(`<div class="${containerClass}"></div>`)
if (fretTitle) { if (fretTitle) {
$(fretboardHTML).append(`<div class="fretTitle">${fretTitle}</div>`) $(fretboardHTML).append(`<div class="fretTitle">${escapeHTML(fretTitle)}</div>`)
} }
// create fretboard background HTML // create fretboard background HTML