
Commit e61fe7f

authored
Merge pull request #159 from msgpack/fix_dom_injection
fix a js/xss-through-dom problem detected by CodeQL
2 parents 45dadc4 + da0b37c commit e61fe7f


1 file changed

+5
-3
lines changed


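--- a/example/fetch-example.html
+++ b/example/fetch-example.html
@@ -48,11 +48,13 @@ <h1>Fetch API example</h1>
 }
 })()
 </script>
+<pre><code id="source"></code></pre>
 <script>
 const script = document.getElementById("script");
-document.write("<pre><code>");
-document.write(script.innerText.replace(/^ {6}/gms, ""));
-document.write("</code><pre>");
+const source = document.getElementById("source");
+source.appendChild(
+document.createTextNode(
+script.innerText.replace(/^ {6}/gms, "")));
 </script>
 </main>
 </body>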
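Review bot: The three-line `source.appendChild(document.createTextNode(...))` chain in the second `<script>` can be a single assignment to a text-only sink, `source.textContent = script.innerText.replace(/^ {6}/gm, "");`, which is shorter and equally safe because `textContent` never parses its value as markup. The `s` flag on the regex has no effect, since the pattern contains no `.`, so it can be dropped in the same edit. A one-line comment above the assignment, such as `// text sink on purpose: the script source must never be parsed as HTML`, would record why `document.write` was removed and discourage a later change back to `document.write` or `innerHTML`. The element with id `script` is defined above the hunk, so its presence is assumed here.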
