paulmataruso/zulip-desktop
1
0
Fork 0
mirror of https://github.com/zulip/zulip-desktop.git synced 2025-11-04 05:53:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Escape all strings inserted into CSS selectors.

Browse Source 
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2020-08-24 20:01:51 -07:00
parent a9d59b3dcd
commit 97f8fe71af
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/renderer/js/main.ts
View File

@@ -461,7 +461,7 @@ class ServerManagerView {
const $parent = $img.parentElement;
const $container = $parent.parentElement;
const webviewId = $container.dataset.tabId;
const $webview = document.querySelector(`webview[data-tab-id="${webviewId}"]`);
const $webview = document.querySelector(`webview[data-tab-id="${CSS.escape(webviewId)}"]`);
const realmName = $webview.getAttribute('name');
if (realmName === null) {
@@ -972,7 +972,7 @@ class ServerManagerView {
webviews.forEach(webview => {
const currentId = webview.getWebContentsId();
const tabId = webview.getAttribute('data-tab-id');
const concurrentTab: HTMLButtonElement = document.querySelector(`div[data-tab-id="${tabId}"]`);
const concurrentTab: HTMLButtonElement = document.querySelector(`div[data-tab-id="${CSS.escape(tabId)}"]`);
if (currentId === webviewId) {
concurrentTab.click();
}