aboutsummaryrefslogtreecommitdiffstats
path: root/package-lock.json
diff options
context:
space:
mode:
authorsilverwind <me@silverwind.io>2020-07-31 04:14:04 +0200
committerGitHub <noreply@github.com>2020-07-30 22:14:04 -0400
commit11dcc177637a234fd624db5d766746dea992bcd4 (patch)
tree457c6a6be21298c41c23761356a036d41d4f6767 /package-lock.json
parent24f86257900866ced5aa6b470d05f6d9f1a82de0 (diff)
downloadgitea-11dcc177637a234fd624db5d766746dea992bcd4.tar.gz
gitea-11dcc177637a234fd624db5d766746dea992bcd4.zip
Improve HTML escaping helper (#12383)
The previous method did not escape single quotes which under some circumstances can lead to XSS vulnerabilites and the fact that it depends on jQuery is also not ideal. Replace it with a lightweight module. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'package-lock.json')
-rw-r--r--package-lock.json5
1 files changed, 5 insertions, 0 deletions
diff --git a/package-lock.json b/package-lock.json
index d145009323..415fb38016 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4372,6 +4372,11 @@
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.0.2.tgz",
"integrity": "sha512-gPYAU37hYCUhW5euPeR+Y74F7BL+IBsV93j5cvGriSaD1aG6MGsqsV1yamRdrWrb2j3aiZvb0X+UBOWpx3JWtQ=="
},
+ "escape-goat": {
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-3.0.0.tgz",
+ "integrity": "sha512-w3PwNZJwRxlp47QGzhuEBldEqVHHhh8/tIPcl6ecf2Bou99cdAt0knihBV0Ecc7CGxYduXVBDheH1K2oADRlvw=="
+ },
"escape-string-regexp": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",