Merge pull request from GHSA-p6rw-44q7-3fw4
Safer handling of user strings
vidartf committed Oct 25, 2021
2 parents f16d448 + 19fded3 commit e44a5cc
Showing 5 changed files with 44 additions and 6 deletions.
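--- a/packages/labextension/src/widget.ts
+++ b/packages/labextension/src/widget.ts
@@ -239,9 +239,11 @@ namespace Private {
 <button class="nbdime-export" style="display: none">Export diff</button>
 </div>
 <div class=nbdime-header-banner>
-<span class="nbdime-header-base">${baseLabel}</span>
-<span class="nbdime-header-remote">${remoteLabel}</span>
+<span class="nbdime-header-base"></span>
+<span class="nbdime-header-remote"></span>
 </div>`;
+(node.getElementsByClassName("nbdime-header-base")[0] as HTMLSpanElement).innerText = baseLabel;
+(node.getElementsByClassName("nbdime-header-remote")[0] as HTMLSpanElement).innerText = remoteLabel;
 
 return new Widget({node});
 }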
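Review bot: The two `innerText` assignments after the template carry no comment saying why the labels are kept out of the template literal, so a later tidy-up could fold `${baseLabel}` back into the markup. A one-line comment above them, such as `// labels are user-supplied: assign as text, never interpolate into the HTML template`, would pin the intent. `textContent` would do the same job without the layout-dependent behaviour of `innerText`, and DOM test environments such as jsdom implement it, should this path get a unit test. The enclosing function starts outside the hunk.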
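--- a/packages/nbdime/src/common/util.ts
+++ b/packages/nbdime/src/common/util.ts
@@ -298,7 +298,7 @@ function buildSelect(options: string[], select?: HTMLSelectElement): HTMLSelectE
 }
 for (let option of options) {
 let opt = document.createElement('option');
-opt.value = opt.innerHTML = option;
+opt.text = option;
 select.appendChild(opt);
 }
 return select;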
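Review bot: Dropping the `opt.value` assignment changes what callers read back, not only how the label is rendered. With no `value` attribute, an option's `value` falls back to its `text`, which strips leading and trailing whitespace and collapses inner runs, so an entry such as `'a  b'` would come back from `select.value` as `'a b'`. If any caller compares the selected value with the original strings (not visible in this hunk), setting both keeps the old contract without any HTML parsing: `opt.value = option;` followed by `opt.text = option;`. The added spec would then have to expect `<option value="foo">foo</option>`. `buildSelect` starts outside the hunk.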
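--- a/packages/nbdime/test/src/common/util.spec.ts
+++ b/packages/nbdime/test/src/common/util.spec.ts
@@ -255,6 +255,36 @@ describe('common', () => {
 
 });
 
+describe('buildSelect', () => {
+
+it('should create an empty select', () => {
+let value = util.buildSelect([]);
+expect(value.outerHTML).toEqual("<select></select>");
+});
+
+it('should reuse a given select', () => {
+const select = document.createElement('select');
+let value = util.buildSelect([], select);
+expect(value).toBe(select);
+});
+
+it('should create a select with options', () => {
+let value = util.buildSelect([
+'foo',
+'bar',
+'<div>boo</div>'
+]);
+expect(value.outerHTML).toEqual(
+'<select>' +
+'<option>foo</option>' +
+'<option>bar</option>' +
+'<option>&lt;div&gt;boo&lt;/div&gt;</option>' +
+'</select>'
+);
+});
+
+});
+
 });
 
 });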
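Review bot: The `'<div>boo</div>'` case in 'should create a select with options' pins the serialized markup, but nothing asserts what a caller reads back from the option. Adding `expect(value.options[2].value).toEqual('<div>boo</div>');` would cover the round trip of a string containing markup. It would also catch a regression if the option's value or label were ever populated through an HTML-parsing property again.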
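--- a/packages/webapp/src/app/diff.ts
+++ b/packages/webapp/src/app/diff.ts
@@ -180,11 +180,14 @@ function onDiffRequestCompleted(data: any) {
 */
 function onDiffRequestFailed(response: string) {
 console.log('Diff request failed.');
-let root = document.getElementById('nbdime-root');
+const root = document.getElementById('nbdime-root');
 if (!root) {
 throw new Error('Missing root element "nbidme-root"');
 }
-root.innerHTML = '<pre>' + response + '</pre>';
+const pre = document.createElement('pre');
+pre.innerText = response;
+root.innerHTML = '';
+root.appendChild(pre);
 diffWidget = null;
 toggleSpinner(false);
 }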
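Review bot: The four-line sequence that builds a `<pre>`, sets its text and swaps it into `root` is written out twice, here in `onDiffRequestFailed` and again in `onMergeRequestFailed` in packages/webapp/src/app/merge.ts. Keeping the rendering of the server response in one small helper would leave a single place to audit. It would also make it harder for a later error path to fall back to concatenating into `innerHTML`. The helper below uses `textContent`, which stores the response as a single text node and leaves its line breaks untouched inside the `<pre>`. Where the helper should live is left open, since the page does not show what the two files already share.

```typescript
/** Replace the contents of `root` with `message` rendered as plain text, never parsed as HTML. */
function showPlainTextError(root: HTMLElement, message: string): void {
  const pre = document.createElement('pre');
  pre.textContent = message;
  root.innerHTML = '';
  root.appendChild(pre);
}

// in onDiffRequestFailed, after the `if (!root)` guard:
showPlainTextError(root, response);
// … unchanged: diffWidget = null; toggleSpinner(false); …
```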
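--- a/packages/webapp/src/app/merge.ts
+++ b/packages/webapp/src/app/merge.ts
@@ -179,7 +179,10 @@ function onMergeRequestFailed(response: string) {
 if (!root) {
 throw new Error('Missing root element "nbidme-root"');
 }
-root.innerHTML = '<pre>' + response + '</pre>';
+const pre = document.createElement('pre');
+pre.innerText = response;
+root.innerHTML = '';
+root.appendChild(pre);
 mergeWidget = null;
 toggleSpinner(false);
 }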
