Potential fix for code scanning alert no. 3: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
2025-05-18 23:37:40 +02:00
committed by GitHub
parent 9d8322064b
commit e48b0c90f3


@ -299,6 +299,15 @@
}); });
function createToast(messageText, messageTags) { function createToast(messageText, messageTags) {
function escapeHtml(unsafe) {
return unsafe
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
let toastClass = ""; let toastClass = "";
let autohide = true; let autohide = true;
let delay = 5000; let delay = 5000;
@ -329,7 +338,7 @@
<button type="button" class="btn-close ${toastClass.includes("text-white") ? "btn-close-white" : ""}" data-bs-dismiss="toast" aria-label="Close"></button> <button type="button" class="btn-close ${toastClass.includes("text-white") ? "btn-close-white" : ""}" data-bs-dismiss="toast" aria-label="Close"></button>
</div> </div>
<div class="toast-body"> <div class="toast-body">
${messageText} ${escapeHtml(messageText)}
</div> </div>
</div>`; </div>`;
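Review bot: escapeHtml, added right after the createToast signature in the first hunk, calls `.replace` directly on its argument, so a caller that passes a number, null or undefined as messageText now throws a TypeError where the old `${messageText}` interpolation coerced the value to text; starting the chain with `return String(unsafe)` keeps the escaping and restores that tolerance. The helper is also redeclared on every createToast call and uses none of the function's locals, so it could be hoisted to module scope and given a one-line JSDoc such as `/** Escape &, <, >, " and ' so untrusted text can be interpolated into an HTML fragment. */`. The second hunk escapes only messageText; whatever derives toastClass from messageTags lies outside these hunks, so whether that value needs the same treatment before it reaches the class attribute cannot be judged here. createToast's body begins in the first hunk and continues past both.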