fix(tooltip): fix tooltip XSS issue when legend name is HTML string
plainheart committed Jun 18, 2024
1 parent a282471 commit ad947d6
Showing 2 changed files with 31 additions and 24 deletions.
4 changes: 3 additions & 1 deletion src/util/graphic.ts
Expand Up @@ -67,6 +67,7 @@ import {
} from 'zrender/src/core/util';
import { getECData } from './innerStore';
import ComponentModel from '../model/Component';
import { encodeHTML } from 'zrender/src/core/dom';


import {
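Review bot: the new `encodeHTML` import from 'zrender/src/core/dom' sits after the local './innerStore' and '../model/Component' imports instead of next to the existing 'zrender/src/core/util' import above it. Grouping the zrender imports together would keep the import block easier to scan. This is a style point only.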
Expand Down Expand Up @@ -600,10 +601,11 @@ export function setTooltipConfig(opt: {
const ecData = getECData(opt.el);
ecData.componentMainType = mainType;
ecData.componentIndex = componentIndex;

ecData.tooltipConfig = {
name: itemName,
option: defaults({
content: itemName,
content: encodeHTML(itemName),
formatterParams: formatterParams
}, itemTooltipOptionObj)
};
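Review bot: in `ecData.tooltipConfig` only `content` is passed through `encodeHTML`, while `name: itemName` on the line above it still carries the raw string, so any code path that later writes `tooltipConfig.name` into the DOM as HTML stays exposed. A short comment stating that `name` is raw and `content` is HTML-escaped would make that contract explicit. Escaping where the config is built, rather than where it is rendered, also means the stored `content` is no longer the original text: please confirm that every consumer treats it as HTML, since one that renders it as plain text would display literal entities such as `&lt;` and one that escapes again would double-encode. The test/tooltip.html diff is not rendered on this page, so it is worth checking that it includes a legend name containing markup.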
51 changes: 28 additions & 23 deletions test/tooltip.html