status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix fretboard title xss issue 

Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
This commit is contained in:
Yukai Huang 2020-12-21 14:25:47 +08:00
parent 26a2c746d3
commit 5fee551d69
No known key found for this signature in database
GPG Key ID: A76CBD50B22052C0
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/js/lib/renderer/fretboard/fretboard.js
View File

@ -1,4 +1,5 @@
/* global $ */
import escapeHTML from 'lodash/escape'
import './css/i.css'
import dotEmpty from './svg/dotEmpty.svg'
@ -41,7 +42,7 @@ export const renderFretBoard = (content, { title: fretTitle = '', type = '' }) =
const fretboardHTML = $(`<div class="${containerClass}"></div>`)
if (fretTitle) {
$(fretboardHTML).append(`<div class="fretTitle">${fretTitle}</div>`)
$(fretboardHTML).append(`<div class="fretTitle">${escapeHTML(fretTitle)}</div>`)
}
// create fretboard background HTML