Skip to content

Commit

Permalink
支払方法設定のXSS対応
Browse files Browse the repository at this point in the history
  • Loading branch information
kiy0taka authored and chihiro-adachi committed Jun 4, 2021
1 parent 863e6dc commit ca79685
Showing 1 changed file with 3 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ file that was distributed with this source code.
}
};
var proto_img = '<div class="c-form__fileUploadThumbnail" style="background-image:url(\'__path__\');">' +
var proto_img = '<div class="c-form__fileUploadThumbnail">' +
'<a class="delete-image"><i class="fa fa-times" aria-hidden="true"></i></a>' +
'</div>';
var payment_image = $('#{{ form.payment_image.vars.id }}').val();
Expand All @@ -57,7 +57,7 @@ file that was distributed with this source code.
} else {
var path = '{{ asset('', 'temp_image') }}' + filename;
}
var $img = $(proto_img.replace(/__path__/g, path));
var $img = $(proto_img).css('background-image', 'url(' + path + ')');
$('#{{ form.payment_image.vars.id }}').val(filename);
$('#thumb').append($img);
Expand All @@ -73,7 +73,7 @@ file that was distributed with this source code.
done: function(e, data) {
$('.progress').hide();
var path = '{{ asset('', 'temp_image') }}/' + data.result.filename;
var $img = $(proto_img.replace(/__path__/g, path));
var $img = $(proto_img).css('background-image', 'url(' + path + ')');;
$('#{{ form.payment_image.vars.id }}').val(data.result.filename);
$('#thumb').append($img);
Expand Down

0 comments on commit ca79685

Please sign in to comment.