mirror of https://github.com/gchq/CyberChef synced 2025-12-20 18:23:47 +00:00

Fixed reflected XSS described in issue 1265

Alex Chambers_Jones
2021-10-29 17:59:02 +01:00
parent ae1b12c120
commit d2174725a9
3 changed files with 7 additions and 3 deletions


@@ -72,7 +72,10 @@ class SeriesChart extends Operation {
fieldDelimiter = Utils.charRep(args[1]),
xLabel = args[2],
pipRadius = args[3],
seriesColours = args[4].split(","),
// Escape HTML from all colours to prevent reflected XSS. See https://github.com/gchq/CyberChef/issues/1265
seriesColours = args[4].split(",").map((colour) => {
return Utils.escapeHtml(colour)
}),
svgWidth = 500,
interSeriesPadding = 20,
xAxisHeight = 50,
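Review bot: Escaping where `args[4]` is parsed covers the reported colour field, but `xLabel = args[2]` a few lines above comes from the same operation arguments and is left as-is; where it is written into the chart is outside this hunk, so confirm it reaches a text-only sink or gets the same `Utils.escapeHtml` call. Because these entries are only ever meant to be colours, a stricter option is to validate each one against the expected colour format and fall back to a default, rather than relying on HTML escaping being correct for whatever attribute or style context the value ends up in. On style, the `return Utils.escapeHtml(colour)` line lacks a trailing semicolon, and the callback reads more simply as `seriesColours = args[4].split(",").map(colour => Utils.escapeHtml(colour)),`. The enclosing declaration list starts and ends outside the hunk.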