Merge pull request #91 from jobready/NEP-9779

NEP-9779 React filter-bar: XSS proofing
rdytech · Jun 2, 2020 · 9e609d7 · 9e609d7
2 parents 53f440b + dfc6689
commit 9e609d7
Show file tree

Hide file tree

Showing 8 changed files with 16,813 additions and 20,654 deletions.
diff --git a/dist/react-filterbar.js b/dist/react-filterbar.js
diff --git a/dist/react-filterbar.min.js b/dist/react-filterbar.min.js
diff --git a/example/books.json b/example/books.json
diff --git a/example/public/js/react-filterbar.js b/example/public/js/react-filterbar.js
diff --git a/example/views/index.haml b/example/views/index.haml
@@ -205,6 +205,7 @@
                     %dl.author
                       %dt.heading{ data: { value: "Author" } }
                       %dt.field{ data: { value: "author" } }
+                      %dt.type{ data: { value: "html" } }
                     %dl.title
                       %dt.heading{ data: { value: "Title" } }
                       %dt.field{ data: { value: "title" } }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "react-filterbar",
-  "version": "1.20",
+  "version": "1.21",
   "description": "",
   "main": "dist/react-filterbar.js",
   "engines": {

diff --git a/src/components/Table/BodyCell.react.js b/src/components/Table/BodyCell.react.js
@@ -6,9 +6,18 @@ export class BodyCell extends React.Component {
   render() {
     var content = this.props.value;
 
-    return (
-      <td style={this.props.style} dangerouslySetInnerHTML={{__html: content}} />
-    );
+    if (this.props.type === 'html') {
+      return (
+        <td style={this.props.style} dangerouslySetInnerHTML={{__html: content}} />
+      );
+    }
+    else {
+      return (
+        <td style={this.props.style}>
+          {content}
+        </td>
+      );
+    }
   }
 }