From 2c238ba06403ee33c03941c94047a7c8d10c5c49 Mon Sep 17 00:00:00 2001
From: Milos Danilov <milosdanilov@gmail.com>
Date: Fri, 4 Dec 2020 16:03:42 +0100
Subject: [PATCH] fix(graph-node): sanitize dataModel.id to prevent XSS

---
 src/graph/graph-node.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/graph/graph-node.ts b/src/graph/graph-node.ts
index a6ef1ee..d094747 100644
--- a/src/graph/graph-node.ts
+++ b/src/graph/graph-node.ts
@@ -128,9 +128,9 @@ export class GraphNode {
 
         return `
             <g tabindex="-1" class="node ${nodeTypeClass} ${typeClass} ${itemsClass}"
-               data-connection-id="${dataModel.connectionId}"
+               data-connection-id="${HtmlUtils.escapeHTML(dataModel.connectionId)}"
                transform="matrix(1, 0, 0, 1, ${x}, ${y})"
-               data-id="${dataModel.id}">
+               data-id="${HtmlUtils.escapeHTML(dataModel.id)}">
                
                 <g class="core" transform="matrix(1, 0, 0, 1, 0, 0)">
                     <circle cx="0" cy="0" r="${radius}" class="outer"></circle>
@@ -217,4 +217,4 @@ export class GraphNode {
         return model;
     }
 
-}
\ No newline at end of file
+}