From 9e9a853b2680dfb45d859f95d9f9d1cb906df637 Mon Sep 17 00:00:00 2001
From: Nicolas Kruchten <nicolas@datacratic.com>
Date: Wed, 21 Feb 2018 09:30:05 -0500
Subject: [PATCH] fix 2 XSS vulns

---
 src/components/containers/Fold.js                           | 5 +----
 .../widgets/text_editors/RichText/LinkDecorator.js          | 6 +-----
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/components/containers/Fold.js b/src/components/containers/Fold.js
index a8fe12c4c..664f83aa9 100644
--- a/src/components/containers/Fold.js
+++ b/src/components/containers/Fold.js
@@ -96,10 +96,7 @@ class Fold extends Component {
         <div className="fold__top__arrow-title">
           {arrowIcon}
           {icon}
-          <div
-            className="fold__top__title"
-            dangerouslySetInnerHTML={{__html: name}}
-          />
+          <div className="fold__top__title">{name}</div>
         </div>
         {deleteButton(deleteContainer)}
       </div>
diff --git a/src/components/widgets/text_editors/RichText/LinkDecorator.js b/src/components/widgets/text_editors/RichText/LinkDecorator.js
index 89d369537..175f71ddb 100644
--- a/src/components/widgets/text_editors/RichText/LinkDecorator.js
+++ b/src/components/widgets/text_editors/RichText/LinkDecorator.js
@@ -8,20 +8,16 @@
 
 import React from 'react';
 import PropTypes from 'prop-types';
-import {Entity} from 'draft-js';
 
 const LinkDecorator = props => {
-  const {url} = Entity.get(props.entityKey).getData();
-
   return (
-    <a href={url} style={props.style}>
+    <a href="#" style={props.style}>
       {props.children}
     </a>
   );
 };
 
 LinkDecorator.propTypes = {
-  entityKey: PropTypes.string.isRequired,
   style: PropTypes.object.isRequired,
   children: PropTypes.oneOfType([PropTypes.array, PropTypes.element])
     .isRequired,