diff options
| author | David Mehren | 2020-12-26 14:40:00 +0100 | 
|---|---|---|
| committer | David Mehren | 2020-12-27 10:14:27 +0100 | 
| commit | c32b1cf42b8ec96571815efc4a22a2207519807d (patch) | |
| tree | 67d1739e5b60b193a4cbd0d97c0c9154a697a9a2 /public/uploads | |
| parent | 89ecff4b1c198b8ecaa09e87369160a19d537b89 (diff) | |
Don't store mermaid diagrams in innerHTML
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.
Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
