Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings_playgrounds: Fix HTML injection in language typeahead. 

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2024-01-19 17:30:10 -08:00 committed by Tim Abbott
parent 0df7bd71f3
commit bc5d4b565a
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/src/settings_playgrounds.js
View File

@ -11,6 +11,7 @@ import * as ListWidget from "./list_widget";
import {page_params} from "./page_params";
import * as realm_playground from "./realm_playground";
import * as scroll_util from "./scroll_util";
import {render_typeahead_item} from "./typeahead_helper";
import * as ui_report from "./ui_report";
const meta = {
@ -158,9 +159,7 @@ function build_page() {
items: 5,
fixed: true,
helpOnEmptyStrings: true,
highlighter(item) {
return language_labels.get(item);
},
highlighter: (item) => render_typeahead_item({primary: language_labels.get(item)}),
matcher(item) {
const q = this.query.trim().toLowerCase();
return item.toLowerCase().startsWith(q);