Home Explore Help
Sign In
wiki
/
weseek__growi
mirror of https://github.com/weseek/growi
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

prevent XSS for timeline

Yuki Takei 5 years ago
parent
fdea9167ef
commit
61bcb73b79
2 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      src/server/views/widget/page_list_and_timeline.html
  2. 1 1
      src/server/views/widget/page_list_and_timeline_kibela.html

+ 1 - 1
src/server/views/widget/page_list_and_timeline.html
View File 

@@ -30,7 +30,7 @@
 
     {# timeline view #}
 
     {% if getConfig('crowi', 'customize:isEnabledTimeline') %}
 
       <div class="tab-pane mt-5" id="view-timeline">
 
-        <script type="text/template" id="page-timeline-data">{{ JSON.stringify(pagesDataForTimeline(pages)) }}</script>
 
+        <script type="text/template" id="page-timeline-data">{{ JSON.stringify(pagesDataForTimeline(pages)) | preventXss }}</script>
 
         {# render React Component PageTimeline #}
 
         <div id="page-timeline"></div>
 
       </div>

+ 1 - 1
src/server/views/widget/page_list_and_timeline_kibela.html
View File 

@@ -29,7 +29,7 @@
 
     {# timeline view #}
 
     {% if getConfig('crowi', 'customize:isEnabledTimeline') %}
 
       <div class="tab-pane mt-5" id="view-timeline">
 
-        <script type="text/template" id="page-timeline-data">{{ JSON.stringify(pagesDataForTimeline(pages)) }}</script>
 
+        <script type="text/template" id="page-timeline-data">{{ JSON.stringify(pagesDataForTimeline(pages)) | preventXss }}</script>
 
         {# render React Component PageTimeline #}
 
         <div id="page-timeline"></div>
 
       </div>