From dedbac9ae49d7dc2173ef30fa87f66e72f44579d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veys=C9=99l=20Xanki=C5=9Fiyev?=
Date: Sat, 19 Mar 2022 11:24:19 +0400
Subject: [PATCH 1/2] sanitizeHTML add function

---
 src/core/validator.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/core/validator.js b/src/core/validator.js
index 4066b1c49..59413e5cb 100644
--- a/src/core/validator.js
+++ b/src/core/validator.js
@@ -13,7 +13,11 @@ function returnMessage(flag, key, ...arg) {
 }
 return [flag, message];
 }
-
+export function sanitizeHTML(str) {
+return str.replace(/[^\w. ]/gi, function (c) {
+ return '&#' + c.charCodeAt(0) + ';';
+ });
+};
 export default class Validator {
 // operator: b|nb|eq|neq|lt|lte|gt|gte
 // type: date|number|list|phone|email
From fccdc034c5bd3f288d68f3789b413ef59cbfa621 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veys=C9=99l=20Xanki=C5=9Fiyev?=
Date: Sat, 19 Mar 2022 11:25:32 +0400
Subject: [PATCH 2/2] xss sanitize function add

---
 src/component/sheet.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/component/sheet.js b/src/component/sheet.js
index dac08948a..2192cb74b 100644
--- a/src/component/sheet.js
+++ b/src/component/sheet.js
@@ -19,6 +19,7 @@ import SortFilter from './sort_filter';
 import { xtoast } from './message';
 import { cssPrefix } from '../config';
 import { formulas } from '../core/formula';
+import {sanitizeHTML} from '../core/validator'
 
 /**
  * @desc throttle fn
@@ -499,6 +500,7 @@ function dataSetCellText(text, state = 'finished') {
 const { data, table } = this;
 // const [ri, ci] = selector.indexes;
 if (data.settings.mode === 'read') return;
+ text = sanitizeHTML(text)
 data.setSelectedCellText(text, state);
 const { ri, ci } = data.selector;
 if (state === 'finished') {
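Review bot: `c.charCodeAt(0)` in the added `sanitizeHTML` callback encodes UTF-16 code units, and without the `u` flag the class `[^\w. ]` matches one code unit at a time, so any character outside the BMP (emoji, supplementary CJK) is split into two lone surrogates and emitted as two invalid numeric references; the `i` flag has no effect on this class. The function also throws when `str` is not a string, and the caller added in the next patch passes `text` through unguarded. A safer body is `return (str == null ? '' : String(str)).replace(/[^\w. ]/gu, (c) => \`&#${c.codePointAt(0)};\`);`. Stylistically, the `;` after the function's closing brace is a stray empty statement, the body is unindented, and the blank line that separated it from `returnMessage` was removed; a JSDoc `@param {string} str` / `@returns {string}` stating that every character outside `[A-Za-z0-9_. ]` — including all non-ASCII letters — becomes a decimal entity would make the lossy behaviour visible to callers.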
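Review bot: `text = sanitizeHTML(text)` is applied before `data.setSelectedCellText(text, state)`, so the entity-encoded string becomes the stored cell value rather than an escape applied at render time: a formula like `=SUM(A1:A3)` is saved as `&#61;SUM(A1&#58;A3)` and `-5` as `&#45;5`, which presumably breaks formula evaluation, validation and export for those cells, and any stored value that passes through here again is double-encoded (`&#61;` becomes `&#38;#61;`). Output encoding belongs where cell text is written into the DOM; data paths that bypass dataSetCellText (loading, paste, formula results) are left unencoded by this change — confirm against the renderer. `sanitizeHTML` also throws when `text` is not a string, and nothing in the hunk guarantees that it is. Stylistically the added line reassigns the parameter and omits the trailing `;` that the neighbouring lines use (the `import {sanitizeHTML}` line in the previous hunk omits it too); `const encodedText = sanitizeHTML(text);` with the following call updated would keep the style consistent. dataSetCellText continues past the end of the hunk.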