deblan-mirror/Choices
deblan-mirror/Choices
1
0
Fork 0
mirror of https://github.com/Choices-js/Choices.git synced 2024-06-07 16:32:32 +02:00
Code Issues Projects Releases Wiki Activity

Fix xss vulnerability(escape html in item label)

Browse source
This commit is contained in:
c5254061 2018-04-18 11:05:21 +03:00
parent d15ab02db8
commit c2fccdc398
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/scripts/src/components/input.js
View file

@ -1,4 +1,4 @@
import { getWidthOfInput } from '../lib/utils'; import { getWidthOfInput, stripHTML } from '../lib/utils';
export default class Input { export default class Input {
constructor(instance, element, classNames) { constructor(instance, element, classNames) {
@ -145,7 +145,7 @@ export default class Input {
} }
getValue() { getValue() {
return this.element.value; return stripHTML(this.element.value);
} }
setActiveDescendant(activeDescendantID) { setActiveDescendant(activeDescendantID) {