Avoid potential clipboard based cross-site scripting

2023-05-16 19:51:41 -07:00 · 2023-05-16 19:51:41 -07:00 · 26b6eebb78
parent fe5fd9f774
commit 26b6eebb78
2 changed files with 2 additions and 2 deletions
--- a/assets/js/app.min.js
+++ b/assets/js/app.min.js
@ -165,7 +165,7 @@ container.add(KB.dom('select').attr('aria-label',getAriaLabelValue()).change(onC
 return container.build()}
 this.render=function(){componentElement=buildComponentElement();containerElement.appendChild(componentElement)}});KB.component('screenshot',function(containerElement){var pasteCatcher=null;var inputElement=null;function onFileLoaded(e){createImage(e.target.result)}
 function onPaste(e){if(e.clipboardData&&e.clipboardData.items){var items=e.clipboardData.items;if(items){for(var i=0;i<items.length;i++){if(items[i].type.indexOf("image")!==-1){var blob=items[i].getAsFile();var reader=new FileReader();reader.onload=onFileLoaded;reader.readAsDataURL(blob)}}}}else{setTimeout(checkInput,100)}}
-function initialize(){destroy();if(!window.Clipboard){pasteCatcher=document.createElement('div');pasteCatcher.id='screenshot-pastezone';pasteCatcher.contentEditable=!0;pasteCatcher.style.opacity=0;pasteCatcher.style.position='fixed';pasteCatcher.style.top=0;pasteCatcher.style.right=0;pasteCatcher.style.width=0;document.body.insertBefore(pasteCatcher,document.body.firstChild);pasteCatcher.focus();document.addEventListener('click',setFocus);document.getElementById('screenshot-zone').addEventListener('click',setFocus)}
+function initialize(){destroy();if(!window.Clipboard){pasteCatcher=document.createElement('template');pasteCatcher.id='screenshot-pastezone';pasteCatcher.contentEditable=!0;pasteCatcher.style.opacity=0;pasteCatcher.style.position='fixed';pasteCatcher.style.top=0;pasteCatcher.style.right=0;pasteCatcher.style.width=0;document.body.insertBefore(pasteCatcher,document.body.firstChild);pasteCatcher.focus();document.addEventListener('click',setFocus);document.getElementById('screenshot-zone').addEventListener('click',setFocus)}
 window.addEventListener('paste',onPaste,!1)}
 function destroy(){if(KB.exists('#screenshot-pastezone')){KB.find('#screenshot-pastezone').remove()}
 document.removeEventListener('click',setFocus);pasteCatcher=null}
--- a/assets/js/components/screenshot.js
+++ b/assets/js/components/screenshot.js
@ -36,7 +36,7 @@ KB.component('screenshot', function (containerElement) {

        if (! window.Clipboard) {
            // Insert the content editable at the top to avoid scrolling down in the board view
-            pasteCatcher = document.createElement('div');
+            pasteCatcher = document.createElement('template');
            pasteCatcher.id = 'screenshot-pastezone';
            pasteCatcher.contentEditable = true;
            pasteCatcher.style.opacity = 0;