mirror of
https://github.com/Choices-js/Choices.git
synced 2024-06-08 08:52:19 +02:00
Fix xss vulnerability(escape html in item label)
This commit is contained in:
parent
d15ab02db8
commit
c2fccdc398
|
@ -1,4 +1,4 @@
|
||||||
import { getWidthOfInput } from '../lib/utils';
|
import { getWidthOfInput, stripHTML } from '../lib/utils';
|
||||||
|
|
||||||
export default class Input {
|
export default class Input {
|
||||||
constructor(instance, element, classNames) {
|
constructor(instance, element, classNames) {
|
||||||
|
@ -145,7 +145,7 @@ export default class Input {
|
||||||
}
|
}
|
||||||
|
|
||||||
getValue() {
|
getValue() {
|
||||||
return this.element.value;
|
return stripHTML(this.element.value);
|
||||||
}
|
}
|
||||||
|
|
||||||
setActiveDescendant(activeDescendantID) {
|
setActiveDescendant(activeDescendantID) {
|
||||||
|
|
Loading…
Reference in a new issue