[taler-wallet-core] branch master updated: fix: qr code alt text xss
From: gnunet
Subject: [taler-wallet-core] branch master updated: fix: qr code alt text xss
Date: Wed, 14 Aug 2024 16:06:52 +0200
This is an automated email from the git hooks/post-receive script.
nora-grothoff pushed a commit to branch master
in repository wallet-core.
The following commit(s) were added to refs/heads/master by this push:
new d49344dae fix: qr code alt text xss
d49344dae is described below
commit d49344dae8b92bd458418ac20d93f61616897dc2
Author: Nullptrderef <nullptrderef@proton.me>
AuthorDate: Wed Aug 14 16:06:01 2024 +0200
fix: qr code alt text xss
---
packages/merchant-backoffice-ui/src/components/exception/QR.tsx | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/packages/merchant-backoffice-ui/src/components/exception/QR.tsx
b/packages/merchant-backoffice-ui/src/components/exception/QR.tsx
index 029a87879..ad1017257 100644
--- a/packages/merchant-backoffice-ui/src/components/exception/QR.tsx
+++ b/packages/merchant-backoffice-ui/src/components/exception/QR.tsx
@@ -31,7 +31,14 @@ export function QR({ text }: { text: string }): VNode {
const imageURL = `data:image/svg+xml,${encodeURIComponent(image)}`;
divRef.current.innerHTML = `<img src=${JSON.stringify(
imageURL,
- )} alt=${JSON.stringify(`QR Code containing the data ${text}`)} />`;
+ )} alt=${JSON.stringify(
+ `QR Code containing the data ${text
+ .replace(/&/g, "&")
+ .replace(/</g, "<")
+ .replace(/>/g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'")}`,
+ )} />`;
}
});
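Review bot: the `alt` value in the `divRef.current.innerHTML` assignment is still assembled as an HTML string and made safe only by a hand-written escape chain, so the fix holds only as long as every future interpolation into this template repeats that chain. `JSON.stringify` produces JavaScript string quoting (`\"`), which the HTML parser does not treat as an escape, and that is why the extra replaces were needed at all. Consider creating the image with `document.createElement("img")` and assigning `img.src = imageURL` and `img.alt = ...` before appending it to `divRef.current`, or rendering the `<img>` from the component's JSX, so that `text` never passes through the HTML parser. If the string template stays, move the five `.replace(...)` calls into a named helper with a comment on why `&` must be replaced first. Also note that in this archived copy the replacement strings are displayed as raw characters (`"&"`, `"<"`, `"""`), the last of which would not parse, so confirm in the repository that the committed lines contain the entity forms.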
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.