author | silverwind <me@silverwind.io> | 2020-07-31 04:14:04 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-30 22:14:04 -0400 |
commit | 11dcc177637a234fd624db5d766746dea992bcd4 (patch) | |
tree | 457c6a6be21298c41c23761356a036d41d4f6767 /package-lock.json | |
parent | 24f86257900866ced5aa6b470d05f6d9f1a82de0 (diff) | |
download | gitea-11dcc177637a234fd624db5d766746dea992bcd4.tar.gz gitea-11dcc177637a234fd624db5d766746dea992bcd4.zip |
Improve HTML escaping helper (#12383)
The previous method did not escape single quotes which under some
circumstances can lead to XSS vulnerabilities and the fact that it
depends on jQuery is also not ideal. Replace it with a lightweight
module.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'package-lock.json')
-rw-r--r-- | package-lock.json | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/package-lock.json b/package-lock.json index d145009323..415fb38016 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4372,6 +4372,11 @@ "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.0.2.tgz", "integrity": "sha512-gPYAU37hYCUhW5euPeR+Y74F7BL+IBsV93j5cvGriSaD1aG6MGsqsV1yamRdrWrb2j3aiZvb0X+UBOWpx3JWtQ==" }, + "escape-goat": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-3.0.0.tgz", + "integrity": "sha512-w3PwNZJwRxlp47QGzhuEBldEqVHHhh8/tIPcl6ecf2Bou99cdAt0knihBV0Ecc7CGxYduXVBDheH1K2oADRlvw==" + }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", |
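Review bot: The new "escape-goat" entry in the hunk at @@ -4372,6 +4372,11 @@ cannot be checked against its package.json declaration in this view, because the diff is limited to package-lock.json. Confirm that package.json lists escape-goat under dependencies with a range that resolves to the locked 3.0.0, and that builds install from the lockfile (for example with npm ci) so the pinned version and the sha512 integrity value are what actually get installed and checked. The entry carries no "dev" flag and no "requires" block, which is consistent with a runtime dependency that brings in no transitive packages. Since the commit message gives missing single-quote escaping as the reason for the swap, a regression test asserting that the new helper escapes ' would be worth adding with the change.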