Skip to content

Commit

Permalink
[CVE-2021-36150] Escape html tag characters in link text
Browse files Browse the repository at this point in the history
  • Loading branch information
emteknetnz authored and Maxime Rainville committed Oct 5, 2021
1 parent bd8b138 commit 080e520
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion client/dist/js/bundle.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions client/src/legacy/HtmlEditorField.js
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,7 @@ ss.editorWrappers.tinyMCE = (function() {
*/
insertLink: function(attrs, opts, linkText) {
if (linkText) {
linkText = linkText.replaceAll('<', '&lt;').replaceAll('>', '&gt;');
const linkEl = this.getInstance().dom.create('a', attrs, linkText);
this.getInstance().selection.setNode(linkEl);
} else {
Expand Down

0 comments on commit 080e520

Please sign in to comment.