[tern addon] Make sure dialog text is HTML escaped
This addresses a potential XSS vulnerability caused by tern's construction of inline HTML where text input is not escaped, which is then passed to the openDialog function for rendering. The construction is replaced with an equivalent DOM fragment construction, which the openDialog API also supports. This is currently a blocker for CodeMirror users that want to enforce Trusted Types in their web application.
This commit is contained in:
parent
52dc64004c
commit
a6fdd560c7
|
@ -589,10 +589,16 @@
|
|||
}
|
||||
|
||||
function dialog(cm, text, f) {
|
||||
if (cm.openDialog)
|
||||
cm.openDialog(text + ": <input type=text>", f);
|
||||
else
|
||||
if (cm.openDialog) {
|
||||
var fragment = document.createDocumentFragment();
|
||||
fragment.appendChild(document.createTextNode(text + ": "));
|
||||
var input = document.createElement("input");
|
||||
input.type = "text";
|
||||
fragment.appendChild(input);
|
||||
cm.openDialog(fragment, f);
|
||||
} else {
|
||||
f(prompt(text, ""));
|
||||
}
|
||||
}
|
||||
|
||||
// Tooltips
|
||||
|
|
Loading…
Reference in New Issue