
Commit 5fee551

Fix fretboard title xss issue
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
1 parent 26a2c74 commit 5fee551

2 files changed, +3 -2 lines changed


package-lock.json

Lines changed: 1 addition & 1 deletion

public/js/lib/renderer/fretboard/fretboard.js

Lines changed: 2 additions & 1 deletion
@@ -1,4 +1,5 @@
11
/* global $ */
2+
import escapeHTML from 'lodash/escape'
23

34
import './css/i.css'
45
import dotEmpty from './svg/dotEmpty.svg'
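Review bot: the added `import escapeHTML from 'lodash/escape'` makes this file depend directly on lodash, yet the only other file in the commit is package-lock.json (1 addition, 1 deletion) and no package.json change is shown. Please confirm lodash is declared as a direct dependency of the project rather than only reachable transitively, so the escaping used by the fix cannot disappear on a later dependency update.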
@@ -41,7 +42,7 @@ export const renderFretBoard = (content, { title: fretTitle = '', type = '' }) =
4142
const fretboardHTML = $(`<div class="${containerClass}"></div>`)
4243

4344
if (fretTitle) {
44-
$(fretboardHTML).append(`<div class="fretTitle">${fretTitle}</div>`)
45+
$(fretboardHTML).append(`<div class="fretTitle">${escapeHTML(fretTitle)}</div>`)
4546
}
4647

4748
// create fretboard background HTML
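Review bot: the unchanged context line that builds the container still interpolates `${containerClass}` into a `class="..."` attribute without escaping, and `type` arrives through the same options object as `title`. If `containerClass` is derived from `type`, it should be checked against an allowlist of known fretboard types or escaped as well, since the value lands in attribute context. For the title, consider `$('<div class="fretTitle"></div>').text(fretTitle)` so the value is never parsed as HTML, and add a regression test that renders a title containing markup and asserts it comes out as text.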
