mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Ensure any html in changelog is escaped before displaying
This commit is contained in:
Nick O'Leary
parent
977dfe700b
commit
fa4b7a1a69
@ -45,7 +45,7 @@ Editor
|
|||||||
- Update Node-RED Function typings in Monaco (#3008) @Steve-Mcl
|
- Update Node-RED Function typings in Monaco (#3008) @Steve-Mcl
|
||||||
- Add css named variables for certain key colours (#2994) @knolleary
|
- Add css named variables for certain key colours (#2994) @knolleary
|
||||||
- Improve contrast of export dialog JSON font color
|
- Improve contrast of export dialog JSON font color
|
||||||
- Switch editableList buttons from \<a\> to \<button\> elements
|
- Switch editableList buttons from <a> to <button> elements
|
||||||
- Add option to RED.nodes.createCompleteNodeSet to include node dimensions
|
- Add option to RED.nodes.createCompleteNodeSet to include node dimensions
|
||||||
- Fix css of node help table of contents elements
|
- Fix css of node help table of contents elements
|
||||||
- Improve red-ui-node-icon css and add red-ui-node-icon-small modifier class
|
- Improve red-ui-node-icon css and add red-ui-node-icon-small modifier class
|
||||||
|
|||||||
@ -540,6 +540,8 @@ var RED = (function() {
|
|||||||
|
|
||||||
function showAbout() {
|
function showAbout() {
|
||||||
$.get('red/about', function(data) {
|
$.get('red/about', function(data) {
|
||||||
|
// data will be strictly markdown. Any HTML should be escaped.
|
||||||
|
data = RED.utils.sanitize(data);
|
||||||
var aboutHeader = '<div style="text-align:center;">'+
|
var aboutHeader = '<div style="text-align:center;">'+
|
||||||
'<img width="50px" src="red/images/node-red-icon.svg" />'+
|
'<img width="50px" src="red/images/node-red-icon.svg" />'+
|
||||||
'</div>';
|
'</div>';
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user