Skip to content

Commit

Permalink
Merge pull request #15723 from craftcms/bugfix/xss-chips
Browse files Browse the repository at this point in the history 
Update `innerHtml` to `innerText`
  • Loading branch information
@brandonkelly
brandonkelly authored Sep 12, 2024
2 parents 396407f + a0cbcbc commit 243c899
Show file tree
Hide file tree
Showing 6 changed files with 6 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
- Fixed a bug where relation fields weren’t merging uploaded asset IDs with the existing field values. ([#15707](https://github.com/craftcms/cms/issues/15707))
- Fixed a styling issue with inline-editable Matrix block tabs. ([#15703](https://github.com/craftcms/cms/issues/15703))
- Fixed an RCE vulnerability.
- Fixed an XSS vulnerability.

## 5.4.2 - 2024-09-06

Expand Down
2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/cp.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/cp.js.map
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/css/cp.css
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/web/assets/cp/dist/css/cp.css.map
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/web/assets/cp/src/js/CraftElementLabel.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ class CraftElementLabel extends HTMLElement {
whiteSpace: 'nowrap',
fontFamily: 'inherit',
});
tag.innerHTML = text;
tag.innerText = text;

this.appendChild(tag);
const result = tag.clientWidth;
Expand Down

0 comments on commit 243c899

Please sign in to comment.