Skip to content

Commit 1648841

Browse files
jsvinejsvine
authored
Merge pull request #47 from roman-mibex-2/prevent-xss-in-svg-and-latex
Prevent XSS in Latex and SVG Elements
2 parents 8d41559 + 510121e commit 1648841

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

notebook.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -130,15 +130,15 @@
130130

131131
nb.display.svg = function (svg) {
132132
var el = makeElement("div", [ "svg-output" ]);
133-
el.innerHTML = joinText(svg);
133+
el.innerHTML = nb.sanitizer(joinText(svg));
134134
return el;
135135
};
136136
nb.display["text/svg+xml"] = nb.display.svg;
137137
nb.display["image/svg+xml"] = nb.display.svg;
138138

139139
nb.display.latex = function (latex) {
140140
var el = makeElement("div", [ "latex-output" ]);
141-
el.innerHTML = joinText(latex);
141+
el.innerText = joinText(latex).replace(/\n/g,"");
142142
return el;
143143
};
144144
nb.display["text/latex"] = nb.display.latex;

notebook.min.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)