diff options
| author | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2021-07-03 10:46:51 -0400 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-03 10:46:51 -0400 | 
| commit | d7c934cae8c4f0747a0298b7e237ebab4efd48e5 (patch) | |
| tree | 0765c70f8180367b4601aab94aa3aed2da96a16a | |
| parent | ca97e38bd22875e23cfe6f70d1803ea31d6f0e89 (diff) | |
Fix simple glossary HTML not being escaped (#1788)
| -rw-r--r-- | ext/js/templates/template-renderer.js | 2 | 
1 files changed, 1 insertions, 1 deletions
| diff --git a/ext/js/templates/template-renderer.js b/ext/js/templates/template-renderer.js index 928ec3c4..8c62a3cd 100644 --- a/ext/js/templates/template-renderer.js +++ b/ext/js/templates/template-renderer.js @@ -611,7 +611,7 @@ class TemplateRenderer {      _formatGlossary(context, dictionary, options) {          const data = options.data.root;          const content = options.fn(context); -        if (typeof content === 'string') { return this._stringToMultiLineHtml(content); } +        if (typeof content === 'string') { return this._stringToMultiLineHtml(this._escape(content)); }          if (!(typeof content === 'object' && content !== null)) { return ''; }          switch (content.type) {              case 'image': return this._formatGlossaryImage(content, dictionary, data); |