fix(graph-node): sanitize dataModel.id to prevent XSS
milosdanilov committed Dec 4, 2020
1 parent 473ec31 commit 2c238ba
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/graph/graph-node.ts
@@ -128,9 +128,9 @@ export class GraphNode {

return `
<g tabindex="-1" class="node ${nodeTypeClass} ${typeClass} ${itemsClass}"
data-connection-id="${dataModel.connectionId}"
data-connection-id="${HtmlUtils.escapeHTML(dataModel.connectionId)}"
transform="matrix(1, 0, 0, 1, ${x}, ${y})"
data-id="${dataModel.id}">
data-id="${HtmlUtils.escapeHTML(dataModel.id)}">
<g class="core" transform="matrix(1, 0, 0, 1, 0, 0)">
<circle cx="0" cy="0" r="${radius}" class="outer"></circle>
@@ -217,4 +217,4 @@ export class GraphNode {
return model;
}

}
}
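Review bot: Both escaped values sit inside double-quoted attributes (`data-connection-id="…"`, `data-id="…"`), so the fix only holds if `HtmlUtils.escapeHTML` encodes `"` and `'` as well as `<`, `>` and `&`. The helper is not visible in this hunk, and escapers built on a `textContent`/`innerHTML` round-trip typically leave quotes untouched. I would confirm that and record it above the template with `// attribute context: escapeHTML must encode quotes as well as < > &`, plus a unit test that renders an id containing a double quote and checks it stays inside the attribute value. The same `<g>` tag still interpolates `${nodeTypeClass} ${typeClass} ${itemsClass}` into `class` unescaped; if any of these can derive from model data (not determinable from here), they need the same treatment or an allow-list of known class names. The template literal continues past the end of the hunk, so any later interpolations of `dataModel` fields should get the same check.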
