artin/miniPaint
1
0
Fork 0
mirror of https://github.com/viliusle/miniPaint.git synced 2026-02-06 11:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

XSS fix (layers name)

Browse Source
This commit is contained in:
viliusle 2023-12-01 15:05:05 +02:00
parent 1fce319dc9
commit f22cb46515
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/js/core/gui/gui-layers.js
View File

@ -164,7 +164,9 @@ class GUI_layers_class {
html += ' <button class="arrow_down" data-id="' + value.id + '" ></button>';
}
html += ' <button class="layer_name" id="layer_name" data-id="' + value.id + '">' + value.name + '</button>';
var layer_title = this.Helper.escapeHtml(value.name);
html += ' <button class="layer_name" id="layer_name" data-id="' + value.id + '">' + layer_title + '</button>';
html += ' <div class="clear"></div>';
html += '</div>';

6
src/js/modules/layer/rename.js
View File

@ -2,21 +2,25 @@ import app from './../../app.js';
import config from './../../config.js';
import Base_layers_class from './../../core/base-layers.js';
import Dialog_class from './../../libs/popup.js';
import Helper_class from './../../libs/helpers.js';
class Layer_rename_class {
constructor() {
this.Base_layers = new Base_layers_class();
this.POP = new Dialog_class();
this.Helper = new Helper_class();
}
rename(id = null) {
var _this = this;
var name_ = this.Helper.escapeHtml(config.layer.name);
var settings = {
title: 'Rename',
params: [
{name: "name", title: "Name:", value: config.layer.name},
{name: "name", title: "Name:", value: name_},
],
on_load: function () {
document.querySelector('#pop_data_name').select();