XSS fix (layers name)
viliusle committed Dec 1, 2023
1 parent 1fce319 commit f22cb46
Showing 2 changed files with 8 additions and 2 deletions.
4 changes: 3 additions & 1 deletion src/js/core/gui/gui-layers.js
Expand Up @@ -163,8 +163,10 @@ class GUI_layers_class {
if(value.composition === 'source-atop'){
html += ' <button class="arrow_down" data-id="' + value.id + '" ></button>';
}

var layer_title = this.Helper.escapeHtml(value.name);

html += ' <button class="layer_name" id="layer_name" data-id="' + value.id + '">' + value.name + '</button>';
html += ' <button class="layer_name" id="layer_name" data-id="' + value.id + '">' + layer_title + '</button>';
html += ' <div class="clear"></div>';
html += '</div>';

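Review bot: The new `escapeHtml` call covers `layer_title`, which lands in element text, but `value.id` on the same line is still concatenated into `data-id="…"` unescaped; that is only safe if ids are app-generated numbers, which this hunk does not show. Building the row with `document.createElement('button')` plus `textContent` and `dataset.id` would remove any dependence on the helper's escaping rules, but as a minimal change a comment recording the assumption would do: `// value.id is app-generated (numeric); only the user-controlled name needs escaping`. Separately, every rendered row carries the same `id="layer_name"`, which yields duplicate element ids if this template is emitted once per layer; if nothing selects `#layer_name`, the existing `class="layer_name"` is enough and the `id` attribute could be dropped. The enclosing method starts and ends outside the hunk.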
6 changes: 5 additions & 1 deletion src/js/modules/layer/rename.js
Expand Up @@ -2,21 +2,25 @@ import app from './../../app.js';
import config from './../../config.js';
import Base_layers_class from './../../core/base-layers.js';
import Dialog_class from './../../libs/popup.js';
import Helper_class from './../../libs/helpers.js';

class Layer_rename_class {

constructor() {
this.Base_layers = new Base_layers_class();
this.POP = new Dialog_class();
this.Helper = new Helper_class();
}

rename(id = null) {
var _this = this;

var name_ = this.Helper.escapeHtml(config.layer.name);

var settings = {
title: 'Rename',
params: [
{name: "name", title: "Name:", value: config.layer.name},
{name: "name", title: "Name:", value: name_},
],
on_load: function () {
document.querySelector('#pop_data_name').select();
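Review bot: HTML-escaping `config.layer.name` before passing it as the dialog field's `value` assumes `Dialog_class` splices that value into markup by string concatenation; if it instead assigns it through the `.value` property the user will see `&amp;` literally, and if the edited text is read back verbatim each rename round-trip will encode the name again (`A & B` → `A &amp; B` → `A &amp;amp; B`). It also only prevents attribute break-out if `Helper.escapeHtml` encodes `"` (and `'`), which this hunk does not show. The more robust place for this encoding is inside popup.js where the `<input value=...>` markup is built, so every caller is covered once and the dialog hands back raw text; at minimum a comment here should record the assumption: `// escaped because the popup builds its markup by string concatenation — TODO confirm escapeHtml also encodes quotes`. The `rename` method continues past the end of the hunk.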

1 comment on commit f22cb46

@viliusle
Owner Author

@viliusle viliusle commented on f22cb46 Dec 1, 2023


Update was pushed, previous fix was not enough.

f4aba67
