Filter the attr to avoid possible XSS vulnerability Fix #1132

Amauri CHAMPEAUX 2023-07-11 16:51:14 +02:00
parent 2565f0e2ba
commit c4c2fcf2b2
1 changed files with 7 additions and 1 deletions


@ -2083,7 +2083,13 @@ var tarteaucitron = {
return elem.getAttribute('height') || elem.clientHeight; return elem.getAttribute('height') || elem.clientHeight;
}, },
"getElemAttr": function (elem, attr) { "getElemAttr": function (elem, attr) {
return elem.getAttribute('data-' + attr) || elem.getAttribute(attr); var attribute = elem.getAttribute('data-' + attr) || elem.getAttribute(attr);
if (typeof attribute === 'string') {
return tarteaucitron.fixSelfXSS(attribute);
}
return "";
}, },
"addClickEventToId": function (elemId, func) { "addClickEventToId": function (elemId, func) {
tarteaucitron.addClickEventToElement(document.getElementById(elemId), func); tarteaucitron.addClickEventToElement(document.getElementById(elemId), func);
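Review bot: The new `getElemAttr` routes every attribute value through `tarteaucitron.fixSelfXSS`, but nothing here states which output context that encoding is meant to make safe. `fixSelfXSS` is defined outside this hunk; if it is an HTML-entity escape, it protects values inserted into markup but does not validate a value used as a URL or an element id, and a caller that already escapes would double-encode. The return for a missing attribute also appears to change from `null` to `""`, so callers that compare the result against `null` should be checked. I would document the contract above the function, for example `// Returns data-<attr> or <attr> passed through fixSelfXSS, or "" when absent; callers must still validate URLs/ids for their own sink.`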