checking security

JisanAR03 · Oct 31, 2023 · 525973f · 525973f
1 parent fe7d07a
commit 525973f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches: [ cc ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ main ]
+    branches: [ cc ]
   schedule:
     - cron: '36 16 * * 2'
 

diff --git a/website/static/vendor/bootstrap/js/bootstrap.js b/website/static/vendor/bootstrap/js/bootstrap.js
@@ -19,6 +19,11 @@ function sanitizeSelector(selector) {
     // Use a whitelist approach to only allow valid characters in a selector
     return selector.replace(/[^\w-#.:]/g, '');
 }
+function sanitizeInput(input) {
+    var div = document.createElement('div');
+    div.appendChild(document.createTextNode(input));
+    return div.innerHTML;
+}
 /* ========================================================================
  * Bootstrap: transition.js v3.3.7
  * http://getbootstrap.com/javascript/#transitions
@@ -1576,7 +1581,13 @@ function sanitizeSelector(selector) {
 
     Tooltip.prototype.setContent = function () {
         var $tip = this.tip()
-        var title = escapeHTML(this.getTitle())
+        var title = this.getTitle()
+        if(this.options.html){
+            title = sanitizeInput(title);
+        }
+        else{
+            title = sanitizeSelector(title);
+        }
 
         $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title)
         $tip.removeClass('fade in top bottom left right')