jingrow/charts
1
0
Fork 0
Code Pull Requests Activity

Merge pull request #1 from arjunshibu/master

Browse Source 
Security fix for Cross-Site Scripting Vulnerability in frappe-charts
This commit is contained in:
Jamie Slome 2020-11-16 16:14:44 +00:00 committed by GitHub
commit 2fb0609a02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/js/charts/AxisChart.js
View File

@ -110,7 +110,7 @@ export default class AxisChart extends BaseChart {
let values = d.values; let values = d.values;
let cumulativeYs = d.cumulativeYs || []; let cumulativeYs = d.cumulativeYs || [];
return { return {
name: d.name, name: d.name.replace(/<|>|&/g, (char) => char == '&' ? '&amp;' : char == '<' ? '&lt;' : '&gt;'),
index: i, index: i,
chartType: d.chartType, chartType: d.chartType,