Fix XSS in default example plugin (#15711)

* Fix XSS in default example plugin on* html fields are hard to escape properly, avoid putting user input there * Apply fixes from StyleCI --------- Co-authored-by: StyleCI Bot <bot@styleci.io>
2024-10-07 16:52:45 +00:00 · 2024-01-08 10:08:41 -06:00
parent 166026d251
commit ca891b477e
1 changed files with 3 additions and 3 deletions
--- a/app/Plugins/ExamplePlugin/resources/views/settings.blade.php
+++ b/app/Plugins/ExamplePlugin/resources/views/settings.blade.php
@@ -18,7 +18,7 @@
            </td>
            <td>
                <input id="value-{{ $value }}" type="text" name="settings[{{ $name }}]" value="{{ $value }}">
-                <button type="button" onclick="deleteSetting('{{ $name }}')" class="delete-button"><i class="fa fa-trash"></i></button>
+                <button id="delete-{{ $name }}" type="button" onclick="deleteSetting(this.id)" class="delete-button"><i class="fa fa-trash"></i></button>
            </td>
        </tr>
    @empty
@@ -79,8 +79,8 @@
        document.getElementById('new-setting-value').value = '';
    }

-    function deleteSetting(name) {
-        document.getElementById('settings-row-' + name).remove();
+    function deleteSetting(nameId) {
+        document.getElementById('settings-row-' + nameId.substring(7)).remove();
    }
 </script>