Permalink
Browse files

fix(Table) avoid HTML injection in table data

  • Loading branch information...
mosinve authored and pi0 committed Feb 4, 2018
1 parent 7202c35 commit 63d80975539f4e338d3fc0fea4f22cfdee1290ee
Showing with 3 additions and 3 deletions.
  1. +3 −3 src/components/table/table.js
@@ -217,10 +217,10 @@ export default {
const formatted = t.getFormattedValue(item, field)
if (t.isStacked) {
// We innerHTML a DIV to ensure rendered as a single cell when visually stacked!
childNodes = [h('div', { domProps: { innerHTML: formatted } })]
childNodes = [h('div', formatted)]
} else {
// Non stcaked, so we just innerHTML the td
data.domProps['innerHTML'] = formatted
// Non stacked
childNodes = formatted
}
}
if (t.isStacked) {

0 comments on commit 63d8097

Please sign in to comment.