update innovation show page js function setMoreLessHTML to properly escape potentially harmful chars to prevent xss vulnerability
PhilipDeFraties authored and camillevilla committed Dec 6, 2024
1 parent 0b9d84b commit 10bbac5
Showing 1 changed file with 5 additions and 8 deletions.
13 changes: 5 additions & 8 deletions app/assets/javascripts/practice_page.es6
@@ -56,14 +56,11 @@
const moreText = 'See more';
const lessText = 'See less';
let t = $(element).text();
let firstHalf = `${t.slice(
0,
showChar
)}<span>${ellipsesText} </span><button type="button" class="dm-button--unstyled-primary more-link">${moreText}</button>`;
let secondHalf = `<span style="display:none;">${t.slice(
showChar,
t.length
)} <button type="button" class="dm-button--unstyled-primary less-link">${lessText}</button></span>`;
let firstHalf = `${_.escape(t.slice(0, showChar))}<span>${ellipsesText} </span>
<button type="button" class="dm-button--unstyled-primary more-link">${moreText}</button>`;
let secondHalf = `<span style="display:none;">${_.escape(t.slice(showChar, t.length))}
<button type="button" class="dm-button--unstyled-primary less-link">${lessText}</button></span>`;

if (t.length < showChar) return;

$(element).html(firstHalf + secondHalf);
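Review bot: the guard `if (t.length < showChar) return;` still runs after both strings are built and uses `<`, so a text exactly `showChar` long gets an empty hidden span plus a "See more" button that reveals nothing; move the check above the `firstHalf` assignment and use `<=`. Two smaller points on the same hunk: the new template literals are split across lines after `</span>` and after the escaped slice, which inserts a newline (rendered as a space) between the ellipsis span and the `more-link` button that the previous single-line markup did not have, and `_.escape` assumes underscore/lodash is already in scope on this page, which the hunk does not show. The order of operations is the right one: `$(element).text()` yields decoded text, the raw text is sliced at `showChar` first and only then escaped, so no HTML entity can be cut in half before the result is passed to `.html()`.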
