Security: Prevent XSS when setting image alt text by using the ckeditor image plugin

Refs advisory GHSA-24cc-9jp9-rxx6
pull/6052/head
Angel Fernando Quiroz Campos 10 months ago
parent a9d0097466
commit d5c29cf39a
No known key found for this signature in database
GPG Key ID: B284841AE3E562CD
  1. 10
      main/inc/lib/javascript/ckeditor/plugins/image2_chamilo/dialogs/image2_chamilo.js

@ -430,10 +430,16 @@ CKEDITOR.dialog.add( 'image2_chamilo', function( editor ) {
type: 'text',
label: lang.alt,
setup: function( widget ) {
this.setValue( widget.data.alt );
const tempDiv = document.createElement("div");
tempDiv.innerHTML = widget.data.alt;
this.setValue( tempDiv.textContent || tempDiv.innerText );
},
commit: function( widget ) {
widget.setData( 'alt', this.getValue() );
const tempDiv = document.createElement("div");
tempDiv.textContent = this.getValue();
widget.setData( 'alt', tempDiv.innerHTML );
},
validate: editor.config.image2_chamilo_altRequired === true ? CKEDITOR.dialog.validate.notEmpty( lang.altMissing ) : null
},
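Review bot: In `setup`, `tempDiv.innerHTML = widget.data.alt;` parses the stored alt text as HTML in the live document, and keeping the div detached does not make that parse inert, since elements created this way can still load resources and run inline event-handler attributes. Any alt value that reaches the dialog without having gone through the new `commit` encoding would therefore be parsed as markup here; how `widget.data.alt` is populated is outside the hunk, so this needs checking against existing content. Decoding in an inert document removes the sink: `const doc = new DOMParser().parseFromString( widget.data.alt || '', 'text/html' );` followed by `this.setValue( doc.body.textContent );`. The `|| ''` also keeps an undefined alt from being shown as the string "undefined". The `setup` and `commit` handlers are complete in the hunk, but the enclosing dialog definition starts and ends outside it.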
