Fix #1020 - XSS via innerHTML property (#1022)

Chad Scharf 2021-06-09 15:58:07 -04:00 committed by GitHub
parent fd328eef2a
commit fd683e9d71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions


@ -104,7 +104,7 @@ async function initWebAuthn(obj: any) {
function error(message: string) {
const el = document.getElementById('msg');
resetMsgBox(el);
el.innerHTML = message;
el.textContent = message;
el.classList.add('alert');
el.classList.add('alert-danger');
}
@ -114,7 +114,7 @@ function success(message: string) {
const el = document.getElementById('msg');
resetMsgBox(el);
el.innerHTML = message;
el.textContent = message;
el.classList.add('alert');
el.classList.add('alert-success');
}
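Review bot: Neither `el.textContent = message;` assignment (in `error` and in `success`) has a comment saying why the text sink is required, and because this commit also strips the `<strong>`/`<br>` markup from the `webAuthnSuccess` string, a later change that wants the formatting back could switch to `innerHTML` again. I would add a comment above both assignments, e.g. `// message may carry translated or externally supplied text: assign it as text, never as HTML`, and build any future emphasis with `document.createElement` rather than by parsing the string. Where `message` originates is not visible in these hunks, so treat the untrusted-input assumption as one to confirm. Separately, `document.getElementById('msg')` can return null and both functions dereference `el` without a guard; `if (el == null) { return; }` before `resetMsgBox(el)` would keep a missing element from throwing.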


@ -3844,7 +3844,7 @@
"message": "WebAuthn is not supported in this browser."
},
"webAuthnSuccess": {
"message": "<strong>WebAuthn verified successfully!</strong><br>You may close this tab."
"message": "WebAuthn verified successfully! You may close this tab."
},
"hintEqualsPassword": {
"message": "Your password hint cannot be the same as your password."