mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Fixed XSS vulnerability when creating a new categories, etc via modal on create
Same fix as before, because of the weird select2 post-parsing ajax behavior
parent
0358d13ddb
commit
978533b2f4
Binary file not shown.
BIN
public/js/dist/all.js
vendored
BIN
public/js/dist/all.js
vendored
Binary file not shown.
|
@ -8,7 +8,7 @@
|
|||
"/css/app.css.map": "/css/app.css.map?id=96b5c985e860716e6a16",
|
||||
"/css/overrides.css.map": "/css/overrides.css.map?id=f7ce9ca49027594ac402",
|
||||
"/css/dist/all.css": "/css/dist/all.css?id=98db4e9b7650453c8b00",
|
||||
"/js/dist/all.js": "/js/dist/all.js?id=114f1025a1b3e8975476",
|
||||
"/js/dist/all.js": "/js/dist/all.js?id=269c4bb386c5ae0dcce4",
|
||||
"/css/build/all.css": "/css/build/all.css?id=98db4e9b7650453c8b00",
|
||||
"/js/build/all.js": "/js/build/all.js?id=114f1025a1b3e8975476"
|
||||
"/js/build/all.js": "/js/build/all.js?id=269c4bb386c5ae0dcce4"
|
||||
}
|
||||
|
|
|
@ -171,5 +171,8 @@ function formatDatalist (datalist) {
|
|||
}
|
||||
|
||||
function formatDataSelection (datalist) {
|
||||
return datalist.text;
|
||||
return datalist.text.replace(/>/g, '>')
|
||||
.replace(/</g, '<')
|
||||
.replace(/"/g, '"')
|
||||
.replace(/'/g, ''');
|
||||
}
|
||||
|
|
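Review bot: The escaping chain added to `formatDataSelection` handles `>`, `<`, `"` and `'` but not `&`, so text that already contains entity sequences would still be interpreted by the browser rather than shown literally; add `.replace(/&/g, '&amp;')` as the first call so the later replacements are not re-encoded. The replacement strings show on this page as bare characters, presumably because the rendering decoded them; this note assumes the committed code emits `&gt;`, `&lt;`, `&quot;` and `&#039;`. The new code also calls `.replace` on `datalist.text` unconditionally, where the old `return datalist.text;` tolerated a missing value; `(datalist.text || '')` would keep that tolerance. Since the description calls this the same fix as an earlier one, a shared escape helper with a one-line comment on why the select2 selection text is escaped here would stop the copies from drifting.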