public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Options always shown below the group no matter how the list is sorted

Browse source 
XSS protection for tables and trees
This commit is contained in:
Tomas Bures 2017-08-13 11:32:31 +02:00
parent e230510b72
commit d9211377dd
6 changed files with 96 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

15
client/src/lib/table.js
View file

@ -239,8 +239,21 @@ class Table extends Component {
type: 'html',
createdCell: createdCellFn
});
}
// FIXME, sift all columns through renderToStaticMarkup in order to sanitize the HTML
// XSS protection
for (const column of columns) {
const originalRender = column.render;
column.render = (data, ...rest) => {
if (originalRender) {
const markup = originalRender(data, ...rest);
return ReactDOMServer.renderToStaticMarkup(<div>{markup}</div>);
} else {
return ReactDOMServer.renderToStaticMarkup(<div>{data}</div>)
}
};
column.title = ReactDOMServer.renderToStaticMarkup(<div>{column.title}</div>);
}
const dtOptions = {