summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authortoasted-nutbread <toasted-nutbread@users.noreply.github.com>2021-07-03 10:46:51 -0400
committerGitHub <noreply@github.com>2021-07-03 10:46:51 -0400
commitd7c934cae8c4f0747a0298b7e237ebab4efd48e5 (patch)
tree0765c70f8180367b4601aab94aa3aed2da96a16a /ext
parentca97e38bd22875e23cfe6f70d1803ea31d6f0e89 (diff)
Fix simple glossary HTML not being escaped (#1788)
Diffstat (limited to 'ext')
-rw-r--r--ext/js/templates/template-renderer.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/js/templates/template-renderer.js b/ext/js/templates/template-renderer.js
index 928ec3c4..8c62a3cd 100644
--- a/ext/js/templates/template-renderer.js
+++ b/ext/js/templates/template-renderer.js
@@ -611,7 +611,7 @@ class TemplateRenderer {
_formatGlossary(context, dictionary, options) {
const data = options.data.root;
const content = options.fn(context);
- if (typeof content === 'string') { return this._stringToMultiLineHtml(content); }
+ if (typeof content === 'string') { return this._stringToMultiLineHtml(this._escape(content)); }
if (!(typeof content === 'object' && content !== null)) { return ''; }
switch (content.type) {
case 'image': return this._formatGlossaryImage(content, dictionary, data);