prevent potential XSS via unchecked use innerHTML
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
This commit is contained in:
parent
af87bd2f60
commit
951147c6e9
|
@ -1100,7 +1100,7 @@ var jsc = {
|
|||
if (jsc.isElementType(this.valueElement, 'input')) {
|
||||
this.valueElement.value = value;
|
||||
} else {
|
||||
this.valueElement.innerHTML = value;
|
||||
this.valueElement.innerHTML = _.escape(value);
|
||||
}
|
||||
}
|
||||
if (!(flags & jsc.leaveStyle)) {
|
||||
|
|
Loading…
Reference in New Issue