Compare commits

..

2 Commits

Author SHA1 Message Date
n1474335
7e7da26f29 5.2.1 2017-04-24 11:54:05 +00:00
n1474335
4375a151dd BUGFIX #119: Recipe names are now correctly escaped. 2017-04-24 11:53:55 +00:00
2 changed files with 4 additions and 3 deletions

View File

@@ -1,6 +1,6 @@
{
"name": "cyberchef",
"version": "5.2.0",
"version": "5.2.1",
"description": "CyberChef is a simple, intuitive web app for analysing and decoding data within a web browser.",
"author": "n1474335 <n1474335@gmail.com>",
"homepage": "https://gchq.github.io/CyberChef",

View File

@@ -244,7 +244,7 @@ ControlsWaiter.prototype.loadClick = function() {
* Saves the recipe specified in the save textarea to local storage.
*/
ControlsWaiter.prototype.saveButtonClick = function() {
var recipeName = document.getElementById("save-name").value,
var recipeName = Utils.escapeHtml(document.getElementById("save-name").value),
recipeStr = document.getElementById("save-text").value;
if (!recipeName) {
@@ -288,7 +288,8 @@ ControlsWaiter.prototype.populateLoadRecipesList = function() {
for (i = 0; i < savedRecipes.length; i++) {
var opt = document.createElement("option");
opt.value = savedRecipes[i].id;
opt.innerHTML = savedRecipes[i].name;
// Unescape then re-escape in case localStorage has been corrupted
opt.innerHTML = Utils.escapeHtml(Utils.unescapeHtml(savedRecipes[i].name));
loadNameEl.appendChild(opt);
}