update innovation show page js function setMoreLessHTML to properly escape potentially harmful chars to prevent xss vulnerability
PhilipDeFraties authored and camillevilla committed Dec 6, 2024
1 parent 4ab26b5 commit 0c923d2
Showing 1 changed file with 5 additions and 8 deletions.
13 changes: 5 additions & 8 deletions app/assets/javascripts/practice_page.es6
@@ -56,14 +56,11 @@
const moreText = 'See more';
const lessText = 'See less';
let t = $(element).text();
let firstHalf = `${t.slice(
0,
showChar
)}<span>${ellipsesText} </span><button type="button" class="dm-button--unstyled-primary more-link">${moreText}</button>`;
let secondHalf = `<span style="display:none;">${t.slice(
showChar,
t.length
)} <button type="button" class="dm-button--unstyled-primary less-link">${lessText}</button></span>`;
let firstHalf = `${_.escape(t.slice(0, showChar))}<span>${ellipsesText} </span>
<button type="button" class="dm-button--unstyled-primary more-link">${moreText}</button>`;
let secondHalf = `<span style="display:none;">${_.escape(t.slice(showChar, t.length))}
<button type="button" class="dm-button--unstyled-primary less-link">${lessText}</button></span>`;

if (t.length < showChar) return;

$(element).html(firstHalf + secondHalf);
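Review bot: the guard `if (t.length < showChar) return;` still sits below the two template literals and uses a strict `<`, so a string of exactly `showChar` characters is built into a "See more" link with an empty hidden second half; change it to `<=` and move it above the `firstHalf`/`secondHalf` assignments so the no-op case neither truncates nor allocates. The escaping change itself looks right: `t` comes from `$(element).text()`, each slice is passed through `_.escape` before `$(element).html(firstHalf + secondHalf)`, and escaping after slicing (rather than before) is the correct order, since slicing an already-escaped string could cut an entity such as `&amp;` in half; `ellipsesText`, `moreText` and `lessText` are literals local to this function, so leaving them unescaped is fine. Two things to confirm that the diff does not show: that `_` (Underscore or Lodash) is loaded on this page, because a missing global would turn the fix into a ReferenceError and leave the element untouched, and that the line breaks now inside the template literals (between `</span>` and `<button ...>`) do not add visible whitespace in the rendered markup.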