Fixed XSS vulnerability with default onCellHtmlData function

hhurz · Apr 10, 2022 · de1c24f · de1c24f
1 parent 4a4bd04
commit de1c24f
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/tableExport.js b/tableExport.js
@@ -2081,7 +2081,7 @@
             $cell.data('teUserDefText', 1);
           }
           else if (htmlData !== '') {
-            const html = $.parseHTML(htmlData);
+            const html = $.parseHTML('<div>' + htmlData + '</div>', null, false);
             let inputIndex = 0;
             let selectIndex = 0;
 

diff --git a/tableExport.min.js b/tableExport.min.js