Fix code scanning alert no. 17: Client-side cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
cooljeanius · Sep 25, 2024 · a39ecbc · a39ecbc
1 parent 500a42d
commit a39ecbc
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/GhidraDocs/GhidraClass/Intermediate/HeadlessAnalyzer_withNotes.html b/GhidraDocs/GhidraClass/Intermediate/HeadlessAnalyzer_withNotes.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-
+<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.4/purify.min.js"></script>
 <meta charset="utf8" http-equiv="X-UA-Compatible" content="IE=Edge">
 <title>Headless Analyzer</title>
 
@@ -220,8 +220,10 @@
     if (aEvent.source === this.views.present) {
       if (argv[0] === "NOTES" && argc === 2)
         $("#notes > #content").innerHTML = this.notes = argv[1];
-      if (argv[0] === "REGISTERED" && argc === 3)
-        $("#slidecount").innerHTML = argv[2];
+      if (argv[0] === "REGISTERED" && argc === 3) {
+        var sanitizedValue = DOMPurify.sanitize(argv[2]);
+        $("#slidecount").innerHTML = sanitizedValue;
+      }
     }
   }