Skip to content

Commit

Permalink
fix: css selector string escaping vulnerability (#888)
Browse files Browse the repository at this point in the history
Resolves #888
  • Loading branch information
cotes2020 committed Feb 14, 2023
1 parent c3a8400 commit 5c6ec9d
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion _javascript/utils/smooth-scroll.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ $(function () {
const hash = decodeURI(this.hash);
let toFootnoteRef = RegExp(/^#fnref:/).test(hash);
let toFootnote = toFootnoteRef ? false : RegExp(/^#fn:/).test(hash);
let selector = hash.includes(":") ? hash.replace(/:/g, "\\:") : hash;
let selector = '#' + $.escapeSelector(hash.substring(1));
let $target = $(selector);

let isMobileViews = $topbarTitle.is(":visible");
Expand Down
2 changes: 1 addition & 1 deletion assets/js/dist/page.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 5c6ec9d

Please sign in to comment.