rixty
/
SillyTavern
mirror of https://github.com/SillyTavern/SillyTavern.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

/echo html allowed sanitize title too

This commit is contained in:
Wolfsblvt 2024-09-06 21:18:16 +02:00
parent 50a716a593
commit 63c6fbaf58
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/scripts/slash-commands.js
View File

@ -2227,7 +2227,7 @@ async function echoCallback(args, value) {
// Make sure that the value is a string // Make sure that the value is a string
value = String(value); value = String(value);
const title = args.title ? args.title : undefined; let title = args.title ? args.title : undefined;
const severity = args.severity ? args.severity : 'info'; const severity = args.severity ? args.severity : 'info';
/** @type {ToastrOptions} */ /** @type {ToastrOptions} */
@ -2259,6 +2259,7 @@ async function echoCallback(args, value) {
// If we allow HTML, we need to sanitize it to prevent security risks // If we allow HTML, we need to sanitize it to prevent security risks
if (!options.escapeHtml) { if (!options.escapeHtml) {
if (title) title = DOMPurify.sanitize(title, { FORBID_TAGS: ['style'] });
value = DOMPurify.sanitize(value, { FORBID_TAGS: ['style'] }); value = DOMPurify.sanitize(value, { FORBID_TAGS: ['style'] });
} }