Merge pull request #3679 from traPtitech/security/user_xss
javascript呼び出しもURLとして認識されていたのを修正
hijiki51 committed Nov 20, 2022
2 parents e0eb627 + 12d727d commit 0733e5f
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/lib/markdown/markdown.ts
Expand Up @@ -37,12 +37,12 @@ const storeProvider: Store = {
return `${embeddingOrigin}${channelIdToLink(id)}`
},
generateUserHref(id) {
return encodeURIComponent(`javascript:openUserModal(${JSON.stringify(id)})`)
return `javascript:openUserModal(${encodeURIComponent(JSON.stringify(id))})`
},
generateUserGroupHref(id) {
return encodeURIComponent(
`javascript:openGroupModal(${JSON.stringify(id)})`
)
return `javascript:openGroupModal(${encodeURIComponent(
JSON.stringify(id)
)})`
}
}
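Review bot: In generateUserHref and generateUserGroupHref the handler argument is protected only by the order of two calls, JSON.stringify first and encodeURIComponent second, and neither return carries a comment saying so; this reads the second line of each printed pair as the new side, since the page lost its +/- markers. I would put a comment above each return, for example `// id is JSON-quoted, then percent-encoded; the scheme and call name stay literal so the href remains a javascript: URL`, so a later refactor does not move the encoding back around the whole string. Because the href ends up as executable script, it is also worth checking `id` against the expected id format before building it (presumably a UUID, to be confirmed against the Store callers) and returning an inert href otherwise. The two bodies differ only in the function name and could share one private helper. The enclosing storeProvider object starts above the hunk.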

