diff options
| author | Ashelyn Rose <git@ashen.earth> | 2025-05-10 21:05:49 -0600 |
|---|---|---|
| committer | Ashelyn Rose <git@ashen.earth> | 2025-05-10 21:05:49 -0600 |
| commit | 7bf526e6c44fb95894dae18ee7c2c70074fd1c8d (patch) | |
| tree | be6c278f136c64161169860bc160d9452bd2f105 | |
| parent | e8c3b267cfc188de48de20f88d6b46b60db3cd34 (diff) | |
Fix CSS content escape
| -rw-r--r-- | index.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/index.js b/index.js index 563095b..dae7762 100644 --- a/index.js +++ b/index.js @@ -315,7 +315,7 @@ function renderEvent({type, userId: eventUserId, args}, {userId: currentUserId, } & .content::before { - content: '${args.content.replace(/' /g, "\\27\\ ").replace(/'/g, "\\27")}'; + content: '${sanitizeCSSContent(args.content)}'; } & .content::after { @@ -400,3 +400,10 @@ function sanitizeText(str) { .replace(/"/g, '"') .replace(/'/g, ''') } + +function sanitizeCSSContent(str) { + return str + .replace(/\\/g, '\\\\') + .replace(/' /g, "\\27\\ ") + .replace(/'/g, "\\27") +} |