Protect against script injection

2026-03-05 15:17:32 +08:00 · 2021-12-16 22:57:47 +01:00
parent 43439bbcd3
commit 8f0893447e
14 changed files with 178 additions and 107 deletions
--- a/js/template/SelectableDraggableTemplate.js
+++ b/js/template/SelectableDraggableTemplate.js
@@ -1,4 +1,4 @@
-import html from "./html"
+import sanitizeText from "./sanitizeText"
 import Template from "./Template"

 /**
@@ -11,8 +11,8 @@ export default class SelectableDraggableTemplate extends Template {
     * @param {SelectableDraggable} element Element of the graph
     */
    applyLocation(element) {
-        element.style.setProperty("--ueb-position-x", element.location[0])
-        element.style.setProperty("--ueb-position-y", element.location[1])
+        element.style.setProperty("--ueb-position-x", sanitizeText(element.location[0]))
+        element.style.setProperty("--ueb-position-y", sanitizeText(element.location[1]))
    }

    /**