🚨 Sanitize input text in comment (#1526)

AtCoder-NoviSteps · Dec 3, 2024 · 923d2bf · 923d2bf
1 parent 716f376
commit 923d2bf
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/lib/components/WorkBookTasks/WorkBookTasksTable.svelte b/src/lib/components/WorkBookTasks/WorkBookTasksTable.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+  import xss from 'xss';
+
   import {
     Label,
     Table,
@@ -33,7 +35,7 @@
     const target = event.target as HTMLElement;
 
     if (target && target instanceof HTMLElement) {
-      const newComment = target.innerText as string;
+      const newComment = xss(target.innerText as string);
 
       // HACK: 代替手段として、50文字以下の場合のみ更新
       if (newComment.length <= 50) {