From c4c2fcf2b2212ce968bdcae145bb74283c441e5f Mon Sep 17 00:00:00 2001
From: Amauri CHAMPEAUX
Date: Tue, 11 Jul 2023 16:51:14 +0200
Subject: [PATCH] Filter the attr to avoid possible XSS vulnerability Fix #1132
---
 tarteaucitron.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tarteaucitron.js b/tarteaucitron.js
index e4421ce..2c3b0c1 100644
--- a/tarteaucitron.js
+++ b/tarteaucitron.js
@@ -2083,7 +2083,13 @@ var tarteaucitron = {
 return elem.getAttribute('height') || elem.clientHeight;
 },
 "getElemAttr": function (elem, attr) {
- return elem.getAttribute('data-' + attr) || elem.getAttribute(attr);
+ var attribute = elem.getAttribute('data-' + attr) || elem.getAttribute(attr);
+
+ if (typeof attribute === 'string') {
+ return tarteaucitron.fixSelfXSS(attribute);
+ }
+
+ return "";
 },
 "addClickEventToId": function (elemId, func) {
 tarteaucitron.addClickEventToElement(document.getElementById(elemId), func);
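Review bot: The new `return "";` at the end of `getElemAttr` silently changes the no-attribute result from `null` (what `getAttribute` yields and what the old one-liner returned) to an empty string, so any caller that distinguishes a missing attribute with `=== null` now behaves differently; if that is intended, state it at the call site, e.g. `// Returns "" (not null) when neither data-<attr> nor <attr> is present.` Since `getAttribute` only ever returns a string or `null`, the `typeof attribute === 'string'` guard is really a null check, and `if (attribute === null) { return ""; }` followed by the sanitized return would make that intent explicit. `fixSelfXSS` is not visible in this hunk, so I cannot confirm what it filters; whether it is sufficient depends on the sink each caller feeds the value into (HTML text versus a URL-bearing attribute are different contexts), and a one-line comment naming the context this sanitizer is meant for would help reviewers judge that. The enclosing `tarteaucitron` object literal starts and ends outside the hunk.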