agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-02 13:49:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6525 from overleaf/jpa-harden-translations-sanitize

Browse Source 
[web] scripts/translations: sanitize: double down on angular xss

GitOrigin-RevId: d08deab392942e593e920e648118f0e196af1740
This commit is contained in:
Timothée Alby
2022-02-02 11:24:45 +01:00
committed by Copybot
parent 58cf92620a
commit 22ee7d6da2
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/web/scripts/translations/sanitize.js
+3
View File
@@ -25,6 +25,9 @@ function sanitize(input) {
a: ['href', 'class'],
},
textFilter(text) {
// Block Angular XSS
if (text === '{') return '{'
if (text === '}') return '}'
return text
.replace(/\{\{/, '{{')
.replace(/\}\}/, '}}')