
Commit 5614a62

Merge pull request #622 from pateljannat/issues
fix: sanitized inputs for people and course creation page
2 parents 1c0644a + 5727b7c commit 5614a62


2 files changed

+12
-2
lines changed


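--- a/lms/www/courses/create.js
+++ b/lms/www/courses/create.js
@@ -51,8 +51,13 @@ const create_tag = (e) => {
 if ($(e.target).val() == "") {
 return;
 }
+
+let tag_value = $(e.target)
+.val()
+.replace(/</g, "&lt;")
+.replace(/>/g, "&gt;");
 let tag = `<button class="btn btn-secondary btn-sm mr-2 text-uppercase">
-${$(e.target).val()}
+${tag_value}
 <span class="btn-remove">
 <svg class="icon icon-sm">
 <use class="" href="#icon-close"></use>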
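Review bot: The escaping chain on new lines 55–58 covers only `<` and `>`, so `&` and both quote characters in the tag input still reach the template literal unencoded. In the element-content position used at new line 60 that is enough to stop new tags from being opened, but a typed `&lt;` is displayed as `<`, and the value becomes unsafe if the tag text is ever read back as HTML or moved into an attribute. Escape `&` first and the quotes as well, e.g. `.replace(/&/g, "&amp;")` ahead of the existing calls, or build the button without the value and add it as a text node so no hand-written escaping is needed. `create_tag` and the template literal both continue past the end of this hunk, so how the finished `tag` string is inserted is not visible here.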

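--- a/lms/www/people/index.js
+++ b/lms/www/people/index.js
@@ -36,7 +36,12 @@ const search = (e) => {
 $("#load-more").removeClass("hide");
 else $("#search-empty-state").removeClass("hide");
 
-$(".member-parent").append(data.message.user_details);
+let user_details = data.message.user_details;
+user_details
+.replace(/&/g, "&amp;")
+.replace(/</g, "&lt;")
+.replace(/"/g, "&quot;");
+$(".member-parent").append(user_details);
 update_load_more_state(data);
 },
 });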
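Review bot: The `.replace()` chain on new lines 40–43 has no effect, because its return value is discarded and JavaScript strings are immutable; new line 44 appends `data.message.user_details` exactly as the server sent it. Assigning the result (`user_details = user_details.replace(...)`) would not be a fix either if `user_details` is a server-rendered HTML fragment, as passing it to `.append()` suggests, since escaping `<` would turn the whole member list into visible text. The encoding needs to happen where the individual user fields are written into that markup, presumably in a server-side template that is not part of this commit, and the client code here should carry a comment stating that it trusts that fragment. The `search` callback starts and ends outside this hunk.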
