From dfbd1290de7ca21e6e4c814931b731c35eccc4e7 Mon Sep 17 00:00:00 2001
From: Ralf Stockmann
Date: Fri, 26 May 2023 10:12:47 +0200
Subject: [PATCH] Update script.js - Added DOMpurify to username, post content and spoiler content to prevent malicious input
---
 script.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/script.js b/script.js
index d6058e7..7b106c5 100644
--- script.js
+++ b/script.js
@@ -77,11 +77,11 @@ const displayPost = function(post) {
-

${post.account.display_name}

+

${DOMPurify.sanitize(post.account.display_name)}

${post.media_attachments[0] ? `` : ''} -

${post.content}

- ${post.spoiler_text ? `

${post.spoiler_text}

` : ''} +

${DOMPurify.sanitize(post.content)}

+ ${post.spoiler_text ? `

${DOMPurify.sanitize(post.spoiler_text)}

` : ''}

${timeAgo(secondsAgo(new Date(post.created_at)))}
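Review bot: Default `DOMPurify.sanitize()` on `post.account.display_name` and `post.spoiler_text` removes script but still renders any markup on DOMPurify's default allow-list (links, images, formatting) inside the name and spoiler slots, so a remote account can still inject visible HTML there. If these two fields are plain text rather than HTML (they look like Mastodon API fields, where only `content` is HTML; worth confirming), restrict them to text with `${DOMPurify.sanitize(post.account.display_name, { ALLOWED_TAGS: [] })}` and the same for `post.spoiler_text`, keeping the default call only for `post.content`. The `post.media_attachments[0]` branch on the context line is not touched by this commit, and its markup is not visible here, so any attachment fields it interpolates into attributes should be checked separately, since sanitizing element content does not cover values placed in attributes. `displayPost` starts and ends outside the hunk, so other interpolations in the template are not covered by this note.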