htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Escape text passed in collection sorting

Browse Source 
Previously, the ID and title of tips and exercises newly added to the list were gathered from the DOM. While we keep this mechanism, we ensure to escape the text before reusing it.
This commit is contained in:
Sebastian Serth
2024-03-25 23:36:28 +01:00
committed by Dominic Sauer
parent 2c28e8616a
commit dfa970664d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/exercises.js
View File

@ -225,7 +225,7 @@ $(document).on('turbolinks:load', function () {
$('.remove-tip').on('click', removeTip);
function addTip(id, title) {
const tip = {id: id, title: title}
const tip = {id: _.escape(id), title: _.escape(title)}
const template =
'<div class="list-group-item d-block" data-tip-id=' + tip.id + ' data-id="">' +
'<span class="fa-solid fa-bars me-3"></span>' + tip.title +