rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-06-05 21:59:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

/popup allow header arg, with sanitization

Browse Source
This commit is contained in:
Wolfsblvt
2024-09-06 23:14:52 +02:00
parent a9c0dd38c7
commit e4e10c3d6b
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
public/scripts/slash-commands.js
View File

@@ -1908,7 +1908,9 @@ async function buttonsCallback(args, text) {
}
async function popupCallback(args, value) {
const safeValue = DOMPurify.sanitize(value || '');
const safeBody = DOMPurify.sanitize(value || '');
const safeHeader = args?.header && typeof args?.header === 'string' ? DOMPurify.sanitize(args.header) : null;
/** @type {import('./popup.js').PopupOptions} */
const popupOptions = {
large: isTrueBoolean(args?.large),
@@ -1918,7 +1920,7 @@ async function popupCallback(args, value) {
okButton: args?.okButton !== undefined && typeof args?.okButton === 'string' ? args.okButton : 'Ok',
cancelButton: args?.cancelButton !== undefined && typeof args?.cancelButton === 'string' ? args.cancelButton : null,
};
await callGenericPopup(safeValue, POPUP_TYPE.TEXT, '', popupOptions);
await Popup.show.text(safeHeader, safeBody, popupOptions);
return String(value);
}