Merge pull request #29 from cooljeanius/autofix/alert-25-f67b789e8b

Fix code scanning alert #25: Client-side cross-site scripting via Copilot Autofix
cooljeanius · Sep 23, 2024 · 4d9223f · 4d9223f
2 parents fedf63d + d697093
commit 4d9223f
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/GhidraDocs/GhidraClass/Intermediate/Scripting_withNotes.html b/GhidraDocs/GhidraClass/Intermediate/Scripting_withNotes.html
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 
 <meta charset="utf8" http-equiv="X-UA-Compatible" content="IE=Edge">
+<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.4/purify.min.js"></script>
 <title>Ghidra Scripting</title>
 
 <div id="present">
@@ -219,9 +220,9 @@
     }
     if (aEvent.source === this.views.present) {
       if (argv[0] === "NOTES" && argc === 2)
-        $("#notes > #content").innerHTML = this.notes = argv[1];
+        $("#notes > #content").innerHTML = this.notes = DOMPurify.sanitize(argv[1]);
       if (argv[0] === "REGISTERED" && argc === 3)
-        $("#slidecount").innerHTML = argv[2];
+        $("#slidecount").innerHTML = DOMPurify.sanitize(argv[2]);
     }
   }