Merge pull request #6525 from overleaf/jpa-harden-translations-sanitize
[web] scripts/translations: sanitize: double down on angular xss GitOrigin-RevId: d08deab392942e593e920e648118f0e196af1740
parent
58cf92620a
commit
22ee7d6da2
1 changed files with 3 additions and 0 deletions
|
@ -25,6 +25,9 @@ function sanitize(input) {
|
|||
a: ['href', 'class'],
|
||||
},
|
||||
textFilter(text) {
|
||||
// Block Angular XSS
|
||||
if (text === '{') return '{'
|
||||
if (text === '}') return '}'
|
||||
return text
|
||||
.replace(/\{\{/, '{{')
|
||||
.replace(/\}\}/, '}}')
|
||||
|
|
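Review bot: The added guards in `textFilter` match only a text chunk that is exactly `{` or `}`, and the two `.replace` calls after them have no `g` flag, so a lone brace next to other characters, or a second `{{` in the same chunk, is returned unescaped. If the sanitizer hands text to this filter in pieces (which the new guards suggest), two such pieces could still join into an Angular interpolation marker in the output. Escaping every brace regardless of position covers both cases in one step: `return text.replace(/\{/g, LBRACE_ESCAPED).replace(/\}/g, RBRACE_ESCAPED)`, where the two names are placeholders for whatever escaped forms the file already uses. As rendered here the replacement strings look identical to the characters they replace, presumably because the page decoded the entities, so the real values cannot be confirmed from this view. The bodies of `textFilter` and `sanitize` close outside the hunk.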