SECURITY: Fix DOM XSS in More Links addon
apple502j committed Nov 23, 2020
1 parent 7afa25e commit b9a52d6
Showing 1 changed file with 4 additions and 1 deletion.
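--- a/addons/more-links/userscript.js
+++ b/addons/more-links/userscript.js
@@ -15,7 +15,10 @@ export default async function ({ addon, console }) {
 let element = await addon.tab.waitForElement(".project-description", { markAsSeen: true });
 // Need to convert #[numbers] to solve conflict between tags and external Scratch player links.
 document.querySelectorAll(".project-description a").forEach((element) => {
-if (/\d+/.test(element.textContent)) element.outerHTML = element.textContent;
+if (/^#\d+$/.test(element.textContent) && element.previousSibling instanceof Text) {
+element.previousSibling.textContent += element.textContent;
+element.remove();
+}
 });
 element.normalize();
 linkifyElement(element);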
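Review bot: The added guard `element.previousSibling instanceof Text` leaves a `#123` anchor in place whenever it is the first child of the description or directly follows another element, so the tag/link conflict named in the comment above is still unresolved in those cases. A text-only replacement needs no sibling check and still never re-parses user text as HTML, which was the flaw in the removed `outerHTML` assignment: `if (/^#\d+$/.test(element.textContent)) element.replaceWith(element.textContent);`. `replaceWith` inserts a string as a Text node, and the existing `element.normalize()` call then merges it with adjacent text. The `forEach` callback parameter also shadows the outer `element`; renaming it to `link` and adding a comment such as `// never write description text back through outerHTML/innerHTML` would make the intent harder to regress. The enclosing function starts and ends outside the hunk.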
