Skip to content

Commit

Permalink
Fix XSS issues in typeahead results
Browse files Browse the repository at this point in the history
  • Loading branch information
@Alanaktion
Alanaktion committed Mar 12, 2022
1 parent f40236c commit 00c6bbf
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion app/view/blocks/issue-list.html
View file
Expand Up @@ -85,7 +85,7 @@
},
templates: {
suggestion: function(element) {
return '<div><span class="text-muted">#' + element.id + '</span> ' + element.text + '</div>';
return '<div><span class="text-muted">#' + element.id + '</span> ' + new Option(element.text).innerHTML + '</div>';
}
}
}).bind('typeahead:select', function() {
Expand Down
2 changes: 1 addition & 1 deletion app/view/issues/edit.html
View file
Expand Up @@ -55,7 +55,7 @@
},
templates: {
suggestion: function(element) {
return '<div><span class="text-muted">#' + element.id + '</span> ' + element.text + '</div>';
return '<div><span class="text-muted">#' + element.id + '</span> ' + new Option(element.text).innerHTML + '</div>';
}
}
});
Expand Down
4 changes: 2 additions & 2 deletions app/view/issues/single.html
View file
Expand Up @@ -550,7 +550,7 @@ <h4 class="modal-title" id="modal-copy-label">{{ @dict.copy_issue }}</h4>
},
templates: {
suggestion: function(element) {
return '<div><span class="text-muted">#' + element.id + '</span> ' + element.text + '</div>';
return '<div><span class="text-muted">#' + element.id + '</span> ' + new Option(element.text).innerHTML + '</div>';
}
}
});
Expand Down Expand Up @@ -706,7 +706,7 @@ <h4 class="modal-title" id="modal-copy-label">{{ @dict.copy_issue }}</h4>
},
templates: {
suggestion: function(element) {
return '<div><span class="text-muted">#' + element.id + '</span> ' + element.text + '</div>';
return '<div><span class="text-muted">#' + element.id + '</span> ' + new Option(element.text).innerHTML + '</div>';
}
}
});
Expand Down

0 comments on commit 00c6bbf

Please sign in to comment.