mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-29 10:14:28 -05:00
c32b1cf42b
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements. Using `.text()` instead mitigates this issue. Signed-off-by: David Mehren <git@herrmehren.de> |
||
---|---|---|
.. | ||
lib | ||
cover.js | ||
extra.js | ||
history.js | ||
htmlExport.js | ||
index.js | ||
locale.js | ||
mathjax-config-extra.js | ||
pretty.js | ||
render.js | ||
reveal-markdown.js | ||
slide.js | ||
utils.js |