asandikci.com/web
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

fix: css selector string escaping vulnerability (#888)

Browse source 
Resolves #888
This commit is contained in:
Cotes Chung 2023-02-15 05:03:09 +08:00
parent c3a840076e
commit 5c6ec9d06b
No known key found for this signature in database
GPG key ID: 0D9E54843167A808
3 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
_javascript/utils/smooth-scroll.js
View file

@ -28,7 +28,7 @@ $(function () {
const hash = decodeURI(this.hash);
let toFootnoteRef = RegExp(/^#fnref:/).test(hash);
let toFootnote = toFootnoteRef ? false : RegExp(/^#fn:/).test(hash);
let selector = hash.includes(":") ? hash.replace(/:/g, "\\:") : hash;
let selector = '#' + $.escapeSelector(hash.substring(1));
let $target = $(selector);
let isMobileViews = $topbarTitle.is(":visible");

2
assets/js/dist/page.min.js vendored
View file

File diff suppressed because one or more lines are too long

2
assets/js/dist/post.min.js vendored
View file

File diff suppressed because one or more lines are too long