fix: css selector string escaping vulnerability (#888)

Resolves #888
This commit is contained in:
Cotes Chung 2023-02-15 05:03:09 +08:00
parent c3a840076e
commit 5c6ec9d06b
No known key found for this signature in database
GPG key ID: 0D9E54843167A808
3 changed files with 3 additions and 3 deletions

View file

@ -28,7 +28,7 @@ $(function () {
const hash = decodeURI(this.hash);
let toFootnoteRef = RegExp(/^#fnref:/).test(hash);
let toFootnote = toFootnoteRef ? false : RegExp(/^#fn:/).test(hash);
let selector = hash.includes(":") ? hash.replace(/:/g, "\\:") : hash;
let selector = '#' + $.escapeSelector(hash.substring(1));
let $target = $(selector);
let isMobileViews = $topbarTitle.is(":visible");

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long