addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554

2019-12-25 09:14:32 +01:00
parent ddaee6486d
commit 8d0ac336d2
5 changed files with 11 additions and 6 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -2795,8 +2795,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            // move elemement to new place
            $attachmentLink.appendTo($element);

-            // update text
-            I18n._($attachmentLink, label, $attachmentLink.attr('download'));
+            // update text - ensuring no HTML is inserted into the text node
+            I18n._(
+                $attachmentLink,
+                $('<div />').text(label).html(),
+                $('<div />').text($attachmentLink.attr('download')).html()
+            );
        };

        /**