🔒 fixed another stored XSS vulnerability

kromitgmbh · Jun 8, 2022 · c1fff7e · c1fff7e
1 parent e606b67
commit c1fff7e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/imports/utils/frontend_helpers.js b/imports/utils/frontend_helpers.js
@@ -18,8 +18,12 @@ function getUserSetting(field) {
 
 function addToolTipToTableCell(value) {
   if (value) {
-    const sanitizedValue = $('<div/>').text(value).html()
-    return `<span class="js-tooltip" data-bs-toggle="tooltip" data-bs-placement="left" title='${sanitizedValue}'>${sanitizedValue}</span>`
+    const toolTipElement = $('<span/>').text(value)
+    toolTipElement.addClass('js-tooltip')
+    toolTipElement.attr('data-bs-toggle', 'tooltip')
+    toolTipElement.attr('data-bs-placement', 'left')
+    toolTipElement.attr('title', toolTipElement.text())
+    return toolTipElement.get(0).outerHTML
   }
   return ''
 }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "titra",
-  "version": "0.77.0",
+  "version": "0.77.1",
   "private": true,
   "scripts": {
     "start": "meteor run"