Fix #136 remove html escape from the text widget

Issue #126 incorrectly stated that the text widget was susceptible to HTML injection, re-testing on version v1.1.9 confirmed it to not be the case. Saving/Re-saving HTML escaped content of the editable div caused further deterioration of the input as it gets re-escaped again and stored modified.
evilsocket · Feb 9, 2018 · 33663f8 · 33663f8
1 parent c8efb27
commit 33663f8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/arc/js/entries/text.js b/arc/js/entries/text.js
@@ -29,7 +29,7 @@ TextEntry.prototype.Render = function(with_value){
             'data-entry-type="' + this.type + '" ' +
             'class="div-editable" ' + 
             'id="' + this.id + '" ' +
-            'contenteditable="true">'+this.safeValue()+"</div>"
+            'contenteditable="true">'+this.value+"</div>"
     );
 }