mirror of https://github.com/CIRCL/AIL-framework
Fixed potential XSS problem with pastes display in 'search' and 'important_paste_by_module'.
parent
047331df3e
commit
1766ced9e6
|
@ -92,7 +92,8 @@ $(document).ready(function(){
|
|||
}
|
||||
|
||||
if (final_index != start_index){ // still have data to display
|
||||
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text()+complete_paste.substring(start_index+1, final_index+1)); // Append the new content
|
||||
// Append the new content using text() and not append (XSS)
|
||||
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text()+complete_paste.substring(start_index+1, final_index+1));
|
||||
start_index = final_index;
|
||||
if (flag_stop)
|
||||
nothing_to_display();
|
||||
|
|
|
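Review bot: The new line reads the whole holder back with `.text()` and rewrites it for every chunk, so the full paste is re-serialised on each append and any child nodes already inside `#paste-holder` are flattened. In this hunk the removed line already used `.text()`, so only the comment is new. Appending a text node keeps the same guarantee (content is never parsed as HTML) without the read-back: `$("#mymodalbody").find("#paste-holder").append(document.createTextNode(complete_paste.substring(start_index+1, final_index+1)));`. The same applies to the hunk at line 196, where the switch from `.append()` to `.text()` is the actual fix. The enclosing function starts and ends outside the hunk.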
@ -196,7 +196,8 @@
|
|||
}
|
||||
|
||||
if (final_index != start_index){ // still have data to display
|
||||
$("#mymodalbody").find("#paste-holder").append(complete_paste.substring(start_index+1, final_index+1)); // Append the new content
|
||||
// Append the new content using text() and not append (XSS)
|
||||
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text() + complete_paste.substring(start_index+1, final_index+1));
|
||||
start_index = final_index;
|
||||
if (flag_stop)
|
||||
nothing_to_display();
|
||||
|
|
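Review bot: The first part of `complete_paste` is written into `#paste-holder` by code outside this hunk, and if that code still uses `.append()` or `.html()`, untrusted paste content still reaches an HTML sink there, so it is worth checking alongside this change. The two hunks show that the same block had drifted between templates (one already used `.text()`, this one used `.append()`), so a single shared helper, for example one named `appendPasteText(chunk)`, would keep the safe sink in one place. The comment could also state the trust boundary rather than only the API choice: `// complete_paste is untrusted paste content: insert as text only, never as HTML`.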