mirror of
https://github.com/Choices-js/Choices.git
synced 2024-06-08 00:42:15 +02:00
Fix xss vulnerability(escape html in item label)
This commit is contained in:
parent
d15ab02db8
commit
c2fccdc398
|
@ -1,4 +1,4 @@
|
|||
import { getWidthOfInput } from '../lib/utils';
|
||||
import { getWidthOfInput, stripHTML } from '../lib/utils';
|
||||
|
||||
export default class Input {
|
||||
constructor(instance, element, classNames) {
|
||||
|
@ -145,7 +145,7 @@ export default class Input {
|
|||
}
|
||||
|
||||
getValue() {
|
||||
return this.element.value;
|
||||
return stripHTML(this.element.value);
|
||||
}
|
||||
|
||||
setActiveDescendant(activeDescendantID) {
|
||||
|
|
Loading…
Reference in a new issue