deblan-mirror/Choices
deblan-mirror/Choices
1
0
Fork 0
mirror of https://github.com/Choices-js/Choices.git synced 2024-05-02 22:03:11 +02:00
Code Issues Projects Releases Wiki Activity

Fix xss vulnerability(escape html in item label)

Browse source
This commit is contained in:
c5254061 2018-04-18 11:05:21 +03:00
parent d15ab02db8
commit c2fccdc398
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/scripts/src/components/input.js
View file

@ -1,4 +1,4 @@
import { getWidthOfInput } from '../lib/utils';
import { getWidthOfInput, stripHTML } from '../lib/utils';
export default class Input {
constructor(instance, element, classNames) {
@ -145,7 +145,7 @@ export default class Input {
}
getValue() {
return this.element.value;
return stripHTML(this.element.value);
}
setActiveDescendant(activeDescendantID) {