[SECURITY] Fix XSS vulnerability in typeahead.js

2026-05-05 15:14:04 +00:00 · 2017-08-21 13:05:18 +02:00
parent fb398a5520
commit a3ca4c81ae
1 changed files with 2 additions and 2 deletions
--- a/src/pretix/static/pretixcontrol/js/ui/typeahead.js
+++ b/src/pretix/static/pretixcontrol/js/ui/typeahead.js
@@ -22,11 +22,11 @@ $(function () {
                            $("<li>").append(
                                $("<a>").attr("href", res.url).append(
                                    $("<div>").append(
-                                        $("<span>").addClass("event-name-full").append(res.name)
+                                        $("<span>").addClass("event-name-full").append($("<div>").text(res.name).html())
                                    ).append(
                                        $("<span>").addClass("event-organizer").append(
                                            $("<span>").addClass("fa fa-users fa-fw")
-                                        ).append(" ").append(res.organizer)
+                                        ).append(" ").append($("<div>").text(res.organizer).html())
                                    ).append(
                                        $("<span>").addClass("event-daterange").append(
                                            $("<span>").addClass("fa fa-calendar fa-fw")