holm/django-helpdesk
1
0
Fork 0
forked from extern/django-helpdesk
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #980 from noobpk/noobpk-fix-xss

Browse Source 
Add function `htmlEntities` into template ticket_list.html
This commit is contained in:
Garret Wassermann 2021-11-12 12:02:19 -05:00 committed by GitHub
commit 91b37f6d73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
helpdesk/templates/helpdesk/ticket_list.html
View File

@ -330,7 +330,11 @@
function get_url(row) {
return "{% url 'helpdesk:view' 1234 %}".replace(/1234/, row.id.toString());
}
function htmlEntities(str) {
return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}
$(document).ready(function () {
// Ticket DataTable Initialization
$('#ticketTable').DataTable({
@ -366,7 +370,7 @@
if (type === 'display') {
data = '<div class="tickettitle"><a href="' + get_url(row) + '" >' +
row.id + '. ' +
row.title + '</a></div>';
htmlEntities(row.title) + '</a></div>';
}
return data
}