fix xss issue in query filter

beancount · Jul 23, 2022 · dccfb6a · dccfb6a
1 parent 11e0ed3
commit dccfb6a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/frontend/src/modals/EntryContext.svelte b/frontend/src/modals/EntryContext.svelte
@@ -35,7 +35,10 @@
             <tr>
               <td><a href={urlForAccount(account)}>{account}</a></td>
               <td>
-                {@html inventory.join("<br>")}
+                {#each inventory as amount}
+                  {amount}
+                  <br />
+                {/each}
               </td>
             </tr>
           {/each}
@@ -52,7 +55,10 @@
             <tr>
               <td><a href={urlForAccount(account)}>{account}</a></td>
               <td>
-                {@html inventory.join("<br>")}
+                {#each inventory as amount}
+                  {amount}
+                  <br />
+                {/each}
               </td>
             </tr>
           {/each}

diff --git a/frontend/src/query/Query.svelte b/frontend/src/query/Query.svelte
@@ -106,7 +106,7 @@
           {/if}
           {@html result.table}
         {:else if error}
-          {@html error}
+          {error}
         {/if}
       </div>
     </details>