Comments (3)
rtfpessoa
commented on September 23, 2024
diff2html handles escaping already so you should not need to escape anything before invoking it.
Can you provide an example to replicate the problem?
from diff2html.
cyn8
commented on September 23, 2024
I ended up changing the code around so that the diff variable is filled with the contents of a separate request made in JS. I originally had just rendered the page with the unescaped contents within the <script> tag, which could lead to cross-site scripting if provided with a malicious diff.
I guess an option to enable/disable the escaping provided by diff2html would be nice, but there are other ways to solve the problem I should've looked into. Thanks for the quick reply.
from diff2html.
rtfpessoa
commented on September 23, 2024
Not sure I understand what you mean, but diff2html should not be vulnerable to any type of injection.
If it is I would like to know about it a fix it. So if you were able to please provide an example.
from diff2html.
Related Issues (20)
- Blank context lines are ignored by diff parser HOT 1
- Vertical align mismatch between inserted/deleted text and matching
- Code breaking when there is no change in a line HOT 3
- Is it possible to generate single html report for multiple git repos? HOT 1
- Unknown argument: diff.txt HOT 1
- 12341
- If the diffString contains special symbols, the page will report an error HOT 1
- Diff2html fails with Error: Cannot find module 'tslib'
- Slim version doesn't fallback to 'plaintext' on unsupported file type HOT 4
- File list links are not working in Angular integration for diff2html-ui HOT 2
- CSS not working inside shadow DOM
- Feature request: option to only show first n files HOT 3
- when execute git diff --word-diff-regex=. ,diff2html is not work HOT 1
- how to make `diff2html` display line breaks for line-by-line view ?? HOT 1
- Backslashes removed in title e.g. C:\dev\alex\test.json -> C:devalex.json HOT 2
- Problems with multiline code blocks highlighted incorrectly HOT 1
- How to hightlight space in new Line? HOT 4
- How to support comments? HOT 1
- How to support code review functionality ? HOT 1
- Documentation Improvement? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from diff2html.