CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SECURITY] Fix (non-exploitable) XSS issue

Browse Source
This commit is contained in:
Raphael Michel
2022-01-25 12:58:06 +01:00
parent e3c7cd7c6d
commit 3596fa9c5a
6 changed files with 27 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/pretix/static/pretixcontrol/js/ui/main.js
View File

@@ -675,7 +675,21 @@ $(function () {
$('[data-toggle="tooltip"]').tooltip();
$('[data-toggle="tooltip_html"]').tooltip({
'html': true
'html': true,
'whiteList': {
// Global attributes allowed on any supplied element below.
'*': ['class', 'dir', 'id', 'lang', 'role'],
b: [],
br: [],
code: [],
div: [], // required for template
h3: ['class', 'role'], // required for template
i: [],
small: [],
span: [],
strong: [],
u: [],
}
});
var url = document.location.toString();