BUGFIX #24: toggle_string arguments are now escaped before being inserted into the DOM.

2024-11-15 00:57:08 +00:00 · 2016-11-30 19:33:20 +00:00 · 2016-11-30 19:33:20 +00:00 · 2f0bc54046
commit 2f0bc54046
parent 09d515cbae
5 changed files with 12 additions and 11 deletions
--- a/build/prod/cyberchef.htm
+++ b/build/prod/cyberchef.htm
--- a/build/prod/index.html
+++ b/build/prod/index.html
--- a/build/prod/scripts.js
+++ b/build/prod/scripts.js
--- a/src/js/views/html/HTMLApp.js
+++ b/src/js/views/html/HTMLApp.js
@ -436,7 +436,8 @@ HTMLApp.prototype.set_recipe_config = function(recipe_config) {
            } else if (args[j].classList.contains("toggle-string")) {
                // toggle_string
                args[j].value = recipe_config[i].args[j].string;
-                args[j].previousSibling.children[0].innerHTML = recipe_config[i].args[j].option +
+                args[j].previousSibling.children[0].innerHTML =
+                    Utils.escape_html(recipe_config[i].args[j].option) +
                    " <span class='caret'></span>";
            } else {
                // all others
--- a/src/static/stats.txt
+++ b/src/static/stats.txt
@ -1,9 +1,9 @@
 202	source files
-104190	lines
+104191	lines
 4.0M	size

 136	JavaScript source files
-95118	lines
+95119	lines
 3.4M	size

 78	third party JavaScript source files
@ -11,7 +11,7 @@
 2.7M	size

 58	first party JavaScript source files
-18741	lines
+18742	lines
 724K	size

 3.1M	uncompressed JavaScript size