Halaman utama Jelajahi Bantuan
Masuk
wiki
/
weseek__growi
cermin dari https://github.com/weseek/growi
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

add comment

utsushiiro 7 tahun lalu
induk
dc85dfcdf6
melakukan
d02f1fc236
1 mengubah file dengan 4 tambahan dan 0 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 4 0
      src/client/js/models/MarkdownTable.js

+ 4 - 0
src/client/js/models/MarkdownTable.js
Tampilan Berkas 

@@ -42,8 +42,12 @@ export default class MarkdownTable {
 
 
   /**
 
    * return a MarkdownTable instance made from a string of HTML table tag
 
+   *
 
+   * When a parser error occurs, this returns a Error object with error message.
 
+   * The error message is a innerHTML, so must not assign it into element.innerHTML because it can lead to Mutation-based XSS
 
    */
 
   static fromHTMLTableTag(str) {
 
+    // use DOMParser to prevent DOM based XSS (https://developer.mozilla.org/en-US/docs/Web/API/DOMParser)
 
     const dom = domParser.parseFromString(str, 'application/xml');
 
 
     if (dom.querySelector('parsererror')) {