Removed xss on shelf add/remove action

3 years ago · c0a06eec46
parent 86ef1d47e8
commit c0a06eec46
1 changed files with 2 additions and 2 deletions
--- a/cps/static/js/details.js
+++ b/cps/static/js/details.js
@ -69,7 +69,7 @@ $("#archived_cb").on("change", function() {
                            templates.remove({
                                add: this.href,
                                remove: $this.data("remove-href"),
-                                content: this.textContent
+                                content: $("<div>").text(this.textContent).html()
                            })
                        );
                        break;
@ -78,7 +78,7 @@ $("#archived_cb").on("change", function() {
                            templates.add({
                                add: $this.data("add-href"),
                                remove: this.href,
-                                content: this.textContent
+                                content: $("<div>").text(this.textContent).html(),
                            })
                        );
                        break;