fix(graph-node): sanitize makePortTemplate to prevent XSS

rabix · Feb 3, 2021 · 0c15b01 · 0c15b01
1 parent 9b94ae4
commit 0c15b01
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/graph/graph-node.ts b/src/graph/graph-node.ts
@@ -160,8 +160,8 @@ export class GraphNode {
 
         return `
             <g class="port ${portClass}" transform="${transform || "matrix(1, 0, 0, 1, 0, 0)"}"
-               data-connection-id="${port.connectionId}"
-               data-port-id="${port.id}"
+               data-connection-id="${HtmlUtils.escapeHTML(port.connectionId)}"
+               data-port-id="${HtmlUtils.escapeHTML(port.id)}"
             >
                 <g class="io-port">
                     <circle cx="0" cy="0" r="7" class="port-handle"></circle>