Skip to content

Commit

Permalink
Removed DOMXSS vulnerability noticed by Kodiak
Browse files Browse the repository at this point in the history
  • Loading branch information
Denys Fedotov authored and Denys Fedotov committed May 29, 2024
1 parent 29d0a16 commit 45981f5
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions libs/features/personalization/preview.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -254,10 +254,18 @@ function createPreviewPill(manifests) {
</div>
</div>
</div>
</div>
<div class="dark">
<a class="con-button outline button-l" href="${simulateHref.href}" title="Preview above choices">Preview</a>
</div>`;

const darkDiv = document.createElement('div')
const button = document.createElement('a')
darkDiv.className = 'dark'
button.className = 'con-button outline button-l'
button.title = 'Preview above choices'
button.text = 'Preview'
button.href = simulateHref.href
darkDiv.append(button)
div.append(darkDiv)

overlay.append(div);
addPillEventListeners(div);
}
Expand Down

0 comments on commit 45981f5

Please sign in to comment.