prevent potential XSS via unchecked use innerHTML

Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
Max Fichtelmann 2019-07-29 17:48:33 +02:00 committed by Backportbot
parent af87bd2f60
commit 951147c6e9


@ -1100,7 +1100,7 @@ var jsc = {
if (jsc.isElementType(this.valueElement, 'input')) { if (jsc.isElementType(this.valueElement, 'input')) {
this.valueElement.value = value; this.valueElement.value = value;
} else { } else {
this.valueElement.innerHTML = value; this.valueElement.innerHTML = _.escape(value);
} }
} }
if (!(flags & jsc.leaveStyle)) { if (!(flags & jsc.leaveStyle)) {
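Review bot: The new else branch, `this.valueElement.innerHTML = _.escape(value);`, still sends the value through the HTML parser and relies on a global `_` that nothing in this hunk shows to be defined. If this script is ever loaded without Underscore or Lodash on the page, that branch would throw a ReferenceError instead of updating the element. The value appears to be displayed only as plain text, so `this.valueElement.textContent = value;` would give the same protection with no parsing step and no external dependency. The enclosing function starts and ends outside the hunk, so other places that write the value into the DOM cannot be checked from here.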