diff options
author | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2021-07-03 10:46:51 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-03 10:46:51 -0400 |
commit | d7c934cae8c4f0747a0298b7e237ebab4efd48e5 (patch) | |
tree | 0765c70f8180367b4601aab94aa3aed2da96a16a /ext/js | |
parent | ca97e38bd22875e23cfe6f70d1803ea31d6f0e89 (diff) |
Fix simple glossary HTML not being escaped (#1788)
Diffstat (limited to 'ext/js')
-rw-r--r-- | ext/js/templates/template-renderer.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/js/templates/template-renderer.js b/ext/js/templates/template-renderer.js index 928ec3c4..8c62a3cd 100644 --- a/ext/js/templates/template-renderer.js +++ b/ext/js/templates/template-renderer.js @@ -611,7 +611,7 @@ class TemplateRenderer { _formatGlossary(context, dictionary, options) { const data = options.data.root; const content = options.fn(context); - if (typeof content === 'string') { return this._stringToMultiLineHtml(content); } + if (typeof content === 'string') { return this._stringToMultiLineHtml(this._escape(content)); } if (!(typeof content === 'object' && content !== null)) { return ''; } switch (content.type) { case 'image': return this._formatGlossaryImage(content, dictionary, data); |