fix: [security] XSS in eventgraph preview payload
- as reported by Cyber Controls from SIX Group
mokaddem committed Jan 18, 2023
1 parent 72c5424 commit a46f794
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/webroot/js/event-graph.js
@@ -636,7 +636,7 @@ class EventGraph {
btn_plot.data('network-preview', preview);
btn_plot.popover({
container: 'body',
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $(this).data('network-preview') + '" />'; },
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $('<div>').text($(this).data('network-preview')).html() + '" />'; },
placement: 'right',
trigger: 'hover',
template: '<div class="popover" role="tooltip"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content" style="width: 500px; height: 150px;"></div></div>',
@@ -2002,7 +2002,7 @@ function reset_graph_history() {
btn_plot.data('network-preview', preview);
btn_plot.popover({
container: 'body',
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $(this).data('network-preview') + '" />'; },
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $('<div>').text($(this).data('network-preview')).html() + '" />'; },
placement: 'right',
trigger: 'hover',
template: '<div class="popover" role="tooltip"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content" style="width: 500px; height: 150px;"></div></div>',
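Review bot: The `$('<div>').text(...).html()` round-trip on the new `content:` line escapes `&`, `<` and `>` but leaves double quotes untouched, so a preview value containing `"` can still close the `src="..."` attribute and add attributes of its own; the escaping does not match the attribute context it is used in. Setting the attribute through the DOM instead of concatenating markup avoids this, e.g. `content: function() { return $('<img style="width: 500px; height: 150px;">').attr('src', $(this).data('network-preview')).prop('outerHTML'); },`, and the same change applies to both hunks (the one in `EventGraph` and the one after `reset_graph_history`). If the preview is only ever a canvas data URL, which cannot be confirmed from these lines, rejecting values that do not start with `data:image/` before they are stored with `.data('network-preview', ...)` would narrow the input further. The `popover({...})` call and its enclosing function start and end outside both hunks.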