From d7c934cae8c4f0747a0298b7e237ebab4efd48e5 Mon Sep 17 00:00:00 2001
From: toasted-nutbread
Date: Sat, 3 Jul 2021 10:46:51 -0400
Subject: Fix simple glossary HTML not being escaped (#1788)
---
 ext/js/templates/template-renderer.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'ext')
diff --git a/ext/js/templates/template-renderer.js b/ext/js/templates/template-renderer.js
index 928ec3c4..8c62a3cd 100644
--- a/ext/js/templates/template-renderer.js
+++ b/ext/js/templates/template-renderer.js
@@ -611,7 +611,7 @@ class TemplateRenderer {
 _formatGlossary(context, dictionary, options) {
 const data = options.data.root;
 const content = options.fn(context);
- if (typeof content === 'string') { return this._stringToMultiLineHtml(content); }
+ if (typeof content === 'string') { return this._stringToMultiLineHtml(this._escape(content)); }
 if (!(typeof content === 'object' && content !== null)) { return ''; }
 switch (content.type) {
 case 'image': return this._formatGlossaryImage(content, dictionary, data);
-- 
cgit v1.2.3
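Review bot: The changed line in `_formatGlossary` depends on `this._escape` running before `_stringToMultiLineHtml`, but nothing on the line records that ordering. A comment such as `// Escape first: the result is returned as HTML, so dictionary text must be made HTML-safe before line breaks are converted` would keep a later refactor from swapping or dropping the call. The diffstat shows only `template-renderer.js` changed, so no regression test pins the fix; one that renders a glossary string containing `<`, `>` and `&` and asserts they come out as entities would be worth adding. The `switch (content.type)` that starts at `case 'image'` continues outside the hunk, so whether `_formatGlossaryImage` and the other branches escape dictionary-supplied fields cannot be confirmed from here and deserves the same check.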