fix(): sanitize components using innerHTML (#18083)

fixes #18065
This commit is contained in:
Liam DeBeasi
2019-04-26 11:56:37 -04:00
committed by GitHub
parent 0fa645b8cc
commit d12757f975
12 changed files with 359 additions and 60 deletions


@ -1,6 +1,7 @@
import { Component, ComponentInterface, Prop } from '@stencil/core';
import { Config, Mode, SpinnerTypes } from '../../interface';
import { sanitizeDOMString } from '../../utils/sanitization';
@Component({
tag: 'ion-infinite-scroll-content',
@ -22,6 +23,12 @@ export class InfiniteScrollContent implements ComponentInterface {
/**
* Optional text to display while loading.
* `loadingText` can accept either plaintext or HTML as a string.
* To display characters normally reserved for HTML, they
* must be escaped. For example `<Ionic>` would become
* `&lt;Ionic&gt;`
*
* For more information: [Security Documentation](https://ionicframework.com/docs/faq/security)
*/
@Prop() loadingText?: string;
@ -54,7 +61,7 @@ export class InfiniteScrollContent implements ComponentInterface {
</div>
)}
{this.loadingText && (
<div class="infinite-loading-text" innerHTML={this.loadingText} />
<div class="infinite-loading-text" innerHTML={sanitizeDOMString(this.loadingText)} />
)}
</div>
);
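Review bot: The doc comment added on `loadingText` tells consumers how to escape literal `<` and `>`, but it does not say that the value is passed through `sanitizeDOMString` before it reaches `innerHTML` in the render branch, so readers cannot tell from the docs that some markup will be stripped rather than rendered. I would add one sentence after the escaping example, e.g. `* The string is sanitized before it is set as innerHTML; markup the sanitizer disallows is removed rather than rendered.` What `sanitizeDOMString` actually strips is not visible in this section, so that wording should be checked against the helper in `utils/sanitization` before it is committed. Only one of the 12 changed files is shown here, so whether every other component that assigns `innerHTML` received the same wrapper cannot be confirmed from this view.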