Merge pull request #5370 from Countly/SER-1602
[SER-1602] Security Vulnerabilities and bugs
kanwarujjaval authored Jul 4, 2024
2 parents 8fcaf83 + 443ac47 commit 816334d
Showing 2 changed files with 15 additions and 8 deletions.
4 changes: 2 additions & 2 deletions bin/scripts/fix-data/reports_snapshot_flag.js
Expand Up @@ -52,8 +52,8 @@ Promise.all([pluginManager.dbConnection("countly")]).then(async function([countl
console.log('Finished');
countlyDb.close();
process.exit();
}).catch(function(err) {
console.log('Error', err);
}).catch(function() {
console.log('Unknown Error while executing script');
countlyDb.close();
process.exit();
});
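Review bot: The error path still ends in `process.exit()` with no exit code (the `process.exit();` inside the catch is context, not changed here), so a run that fails in the catch exits 0 and any caller or scheduler cannot tell it from a successful run; the new catch also discards the error object entirely, so the fixed message is all an operator gets. If the intent was to stop printing the whole error object (which for a database error may carry connection details), `err.message` is still a safe enough diagnostic in most cases. Suggest `}).catch(function(err) {`, `console.log('Error while executing script:', err && err.message);` and `process.exit(1);` in the catch. The enclosing `Promise.all(...).then(...)` chain starts before this hunk.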
19 changes: 13 additions & 6 deletions plugins/star-rating/frontend/public/templates/feedback-popup.html
Expand Up @@ -193,7 +193,11 @@
var h = d.getHours();
var dow = d.getDay();
var symbol = 'emoji';

var encodeHtml = function (html) {
var div = document.createElement('div');
div.innerText = html;
return div.innerHTML;
};
if (!platform || (platform === "undefined") || (platform === "null")) {
platform = "Web";
}
Expand Down Expand Up @@ -235,11 +239,14 @@
links = JSON.parse(response.links);
}
if(consent && links && finalText){
links.forEach(function(link) {
var regex = new RegExp('\\b' + link.textValue + '\\b', 'g');
finalText = finalText.replace(regex, '<a href="' + link.linkValue + '" target="_blank">' + link.textValue + '</a>');
});

//sanitize the text and links
finalText = encodeHtml(finalText);
links.forEach(function (link) {
link.linkValue = encodeHtml(link.linkValue);
link.textValue = encodeHtml(link.textValue);
var regex = new RegExp('\\b' + link.textValue + '\\b', 'g');
finalText = finalText.replace(regex, '<a href="' + link.linkValue + '" target="_blank">' + link.textValue + '</a>');
});
}
if(consent){
contentEl.removeClass("hidden");
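Review bot: `encodeHtml(link.linkValue)` does not make the value safe inside the `href="..."` attribute built on the `finalText = finalText.replace(regex, '<a href="' + link.linkValue + ...` line: serializing a text node escapes `&`, `<` and `>` but not `"`, so a double quote in linkValue still terminates the attribute, and no HTML encoding prevents a non-http URL scheme from being followed when the anchor is clicked. `link.textValue` is likewise interpolated into `new RegExp('\\b' + link.textValue + '\\b', 'g')` without escaping, so regex metacharacters in a link label throw a SyntaxError (or, with quantifiers, make the match expensive) and abort rendering of the popup. Suggest restricting linkValue to http(s) and escaping quotes before building the attribute, escaping regex metacharacters in the label, using a function replacement so `$` sequences in the label are inserted literally, and adding `rel="noopener noreferrer"` next to `target="_blank"`; the rewrite below keeps the results in locals instead of mutating the parsed `links` entries, and the http(s) allow-list should be widened if relative links are legitimately configured. `encodeHtml` itself, defined in the previous hunk at line 193, is fine for text content; a comment there such as `// escapes &, <, > for text content only — not sufficient on its own for attribute values or URLs` would keep it from being reused that way.
```javascript
//sanitize the text and links
finalText = encodeHtml(finalText);
links.forEach(function (link) {
    var text = encodeHtml(link.textValue);
    // encodeHtml covers text content only: restrict the scheme and escape '"' for the attribute
    var href = /^https?:\/\//i.test(link.linkValue) ? link.linkValue : '#';
    href = encodeHtml(href).replace(/"/g, '&quot;');
    // the label is user-supplied, so escape regex metacharacters before building the pattern
    var pattern = text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    var regex = new RegExp('\\b' + pattern + '\\b', 'g');
    // function replacement so '$' sequences in the label are inserted literally
    finalText = finalText.replace(regex, function () {
        return '<a href="' + href + '" target="_blank" rel="noopener noreferrer">' + text + '</a>';
    });
});
```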
