Security: purify inputs around innerHTML-usage, remove some unused parameters and classes

Pieter Vander Vennet 2023-09-21 01:53:34 +02:00
parent e0ee3edf71
commit fcea3da70f
15 changed files with 44 additions and 127 deletions


@ -56,7 +56,7 @@ export default class NoteCommentElement extends Combine {
)
const htmlElement = document.createElement("div")
htmlElement.innerHTML = comment.html
htmlElement.innerHTML = Utils.purify(comment.html)
const images = Array.from(htmlElement.getElementsByTagName("a"))
.map((link) => link.href)
.filter((link) => {
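Review bot: Nothing at the `htmlElement.innerHTML = Utils.purify(comment.html)` line explains why markup assigned to a div that is only used to read anchors back out needs sanitising, so a later cleanup could drop the call as redundant. A one-line comment would record the reason: `// comment.html is untrusted; innerHTML parses it even on a detached element, so sanitise before assigning`. `Utils.purify` is not visible on this page, so whether it restricts URL schemes on `href` cannot be confirmed from here. The `link.href` values collected right after the assignment are still chosen by the note's author and should be validated at the point where they are used as image sources. The `.filter` callback continues outside the hunk.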