fix(security): treat messages as text, not HTML (#38062)

Oliver Eyton-Williams
2020-01-13 10:56:29 +01:00
committed by Ahmad Abdolsaheb
parent 978bae6716
commit bb5a9e8153


@ -11,7 +11,7 @@ function Flash({ flashMessage, onClose }) {
<TransitionGroup> <TransitionGroup>
<CSSTransition classNames='flash-message' key={id} timeout={500}> <CSSTransition classNames='flash-message' key={id} timeout={500}>
<Alert bsStyle={type} className='flash-message' onDismiss={onClose}> <Alert bsStyle={type} className='flash-message' onDismiss={onClose}>
<div dangerouslySetInnerHTML={{ __html: message }} /> {message}
</Alert> </Alert>
</CSSTransition> </CSSTransition>
</TransitionGroup> </TransitionGroup>
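Review bot: The new `{message}` child inside `<Alert>` relies on React's default text escaping, but nothing on that line records why, so a later edit that wants a link or bold text in a flash message could quietly bring `dangerouslySetInnerHTML` back. I would put a comment directly above it, for example `{/* message can carry untrusted text: render it as text, never as HTML */}`. Any caller that still passes markup in `message` will now show the tags literally; those callers are not visible in this hunk, so they should be checked and moved to plain text or to a fixed set of message keys. A render test asserting that a message such as `<b>x</b>` appears as literal text and produces no child element would pin the behaviour. The body of `Flash` starts before this hunk and continues after it.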