Convert stylesheet.innerHTML to stylesheet.innerText

Browsers will interpret this the same but this protects against attacks such as: Change-Id: I34062ad3562a1791ec4ea5a404acf8f459cdcef9 https: //www.netsparker.com/blog/web-security/private-data-stolen-exploiting-css-injection/ Signed-off-by: LukeWood <[email protected]>
eclipse-theia · Aug 26, 2020 · d25a279 · d25a279
1 parent 4390a7d
commit d25a279
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/plugin-ext/src/main/browser/plugin-icon-theme-service.ts b/packages/plugin-ext/src/main/browser/plugin-icon-theme-service.ts
@@ -160,7 +160,7 @@ export class PluginIconTheme extends PluginIconThemeDefinition implements IconTh
         const styleElement = document.createElement('style');
         styleElement.type = 'text/css';
         styleElement.className = 'theia-icon-theme';
-        styleElement.innerHTML = this.styleSheetContent;
+        styleElement.innerText = this.styleSheetContent;
         document.head.appendChild(styleElement);
         const toRemoveStyleElement = Disposable.create(() => styleElement.remove());
         this.toDisposeStyleElement.push(toRemoveStyleElement);