XSS fix update
viliusle committed Dec 1, 2023
1 parent 7c2c056 commit f4aba67
Showing 2 changed files with 13 additions and 1 deletion.
1 change: 1 addition & 0 deletions src/js/modules/file/save.js
Expand Up @@ -123,6 +123,7 @@ class File_save_class {
if (parts.length > 1)
file_name = parts[parts.length - 2];
file_name = file_name.replace(/ /g, "-");
file_name = this.Helper.escapeHtml(file_name);

var save_types = [];
for(var i in file_types) {
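Review bot: The added `file_name = this.Helper.escapeHtml(file_name);` HTML-encodes the stored value instead of encoding at the point where it is written into markup, so any later non-HTML use of `file_name` would carry literal entities such as `&amp;`. The rest of the method lies outside this hunk, so it is not visible whether the same variable also feeds the saved file's name or an input's `value`; if it does, a name containing `&` would be saved with the entity text in it. I would keep the raw name in `file_name` and escape only at the sink, e.g. `var file_name_html = this.Helper.escapeHtml(file_name);` handed to the dialog, or assign the field through `.value`/`.textContent` so no escaping is needed. It is also worth confirming that `escapeHtml` encodes both quote characters in case the value lands inside an attribute.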
13 changes: 12 additions & 1 deletion src/js/modules/layer/rename.js
Expand Up @@ -30,7 +30,7 @@ class Layer_rename_class {
new app.Actions.Bundle_action('rename_layer', 'Rename Layer', [
new app.Actions.Refresh_layers_gui_action('undo'),
new app.Actions.Update_layer_action(id || config.layer.id, {
name: params.name
name: _this.validate_name(params.name)
}),
new app.Actions.Refresh_layers_gui_action('do')
])
Expand All @@ -39,6 +39,17 @@ class Layer_rename_class {
};
this.POP.show(settings);
}

validate_name(text) {
text = text
.replace(/&/g, "-")
.replace(/</g, "-")
.replace(/>/g, "-")
.replace(/"/g, "-")
.replace(/'/g, "-");

return text;
}
}

export default Layer_rename_class;
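Review bot: `validate_name` is applied only on the rename dialog's path (`name: _this.validate_name(params.name)`), so a layer name that arrives any other way would still reach the layers panel unfiltered; a loaded project file or another caller of `Update_layer_action` are possible examples, though neither is visible in this diff. The durable fix is where the name is rendered: write it with `textContent` or escape it on output, and keep this method as defence in depth. As written it also throws when `params.name` is not a string and it reassigns its parameter; `return String(text || "").replace(/[&<>"']/g, "-");` performs the same substitution in one pass. A short doc comment should state that the method replaces `& < > " '` with `-` (it sanitizes rather than validates) and why those characters are removed.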
