paulmataruso/zulip-desktop
1
0
Fork 0
mirror of https://github.com/zulip/zulip-desktop.git synced 2025-11-15 19:31:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a9f479d60d7d34c8c486d3a5f72265df5280e69d
zulip-desktop/app/renderer/js/components/base.ts
Anders Kaseorg a9d59b3dcd CVE-2020-24582: Escape all strings interpolated into HTML. 
Also fix various variable names to consistently indicate which strings
contain HTML.

Some of these changes close cross-site scripting vulnerabilities, and
others are for consistency.  It’s important to be meticulously
consistent about escaping so that changes that would introduce
vulnerabilities stand out as obviously wrong.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-04 22:52:38 -07:00

8 lines
209 B
TypeScript
Raw Blame History

export default class BaseComponent {
generateNodeFromHTML(html: string): Element | null {
const wrapper = document.createElement('div');
wrapper.innerHTML = html;
return wrapper.firstElementChild;
}
}
Reference in New Issue View Git Blame Copy Permalink