kenmirrors/MagicMirror
1
0
Fork 0
mirror of https://github.com/MichMich/MagicMirror.git synced 2025-06-28 20:22:53 +00:00
Code Issues Projects Releases Wiki Activity

Replace innerHTML() with createElement() and appendChild() for security.

Browse Source
This commit is contained in:
ubertao 2018-09-20 08:49:17 +08:00
parent 40725aa2a2
commit cad7debc5b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/default/compliments/compliments.js
View File

@ -157,10 +157,15 @@ Module.register("compliments", {
getDom: function() {
var complimentText = this.randomCompliment();
var compliment = document.createTextNode(complimentText);
var wrapper = document.createElement("div");
wrapper.className = this.config.classes ? this.config.classes : "thin xlarge bright";
wrapper.innerHTML = complimentText.replace(/\n/g, '<br>');
complimentText.split("\n").forEach(function(line, index) {
if (index > 0) {
wrapper.appendChild(document.createElement("br"));
}
wrapper.appendChild(document.createTextNode(line));
});
return wrapper;
},