fix eclipse-theia#6987 XSS vulnerability in browser sidebar

Change simply updates innerHtml to innerText to ensure user supplied content does not impact the dom. Signed-off-by: Casey Flynn <caseyflynn@google.com>
JesterOrNot · Mar 12, 2020 · 1b80dac · 1b80dac
1 parent ed6cffd
commit 1b80dac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/core/src/browser/shell/side-panel-toolbar.ts b/packages/core/src/browser/shell/side-panel-toolbar.ts
@@ -96,7 +96,7 @@ export class SidePanelToolbar extends BaseWidget {
     set toolbarTitle(title: Title<Widget> | undefined) {
         if (this.titleContainer && title) {
             this._toolbarTitle = title;
-            this.titleContainer.innerHTML = this._toolbarTitle.label;
+            this.titleContainer.innerText = this._toolbarTitle.label;
             this.titleContainer.title = this._toolbarTitle.caption || this._toolbarTitle.label;
             this.update();
         }