
Commit febc2b8

committed
Escape all lines to also prevent XSS for non-domain entries
Signed-off-by: yubiuser <[email protected]>
1 parent 55e8e4a commit febc2b8

1 file changed

Lines changed: 3 additions & 2 deletions


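--- a/scripts/js/gravity.js
+++ b/scripts/js/gravity.js
@@ -89,10 +89,11 @@ function parseLines(outputElement, text) {
 const lines = text.split(/(?=\r)/g);
 
 for (let line of lines) {
+// Escape HTML to prevent XSS attacks (both in adlist URL and non-domain entries)
+line = utils.escapeHtml(line);
 if (line[0] === "\r") {
 // This line starts with the "OVER" sequence. Replace them with "\n" before print
-// we also escape HTML to prevent XSS attacks
-line = utils.escapeHtml(line.replaceAll("\r\u001B[K", "\n").replaceAll("\r", "\n"));
+line = line.replaceAll("\r\u001B[K", "\n").replaceAll("\r", "\n");
 
 // Last line from the textarea will be overwritten, so we remove it
 const lastLineIndex = outputElement.innerHTML.lastIndexOf("\n");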
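Review bot: The `line[0] === "\r"` test and the `replaceAll("\r\u001B[K", "\n")` call now operate on the already-escaped string, so they depend on `utils.escapeHtml` leaving `\r`, the ESC character and `[K` untouched; that helper is not visible here, so this should be confirmed and recorded next to the new call, e.g. `// escapeHtml only rewrites HTML metacharacters; "\r" and "\u001B[K" must pass through unchanged for the checks below`. The output element is handled through `innerHTML` (the read is visible, the write is presumably further down), which makes the escape at the top of the loop the only barrier between the gravity output and markup injection. Any later step in `parseLines` that builds markup from `line` therefore has to treat it as already escaped and must never go back to the raw `text`. A regression test feeding a line without a leading `\r` that contains `<` and `"` would pin the behaviour this commit adds. `parseLines` starts before and continues past this hunk, so the rest of the loop was not reviewed.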
