Improve HTML escaping helper (#12383)

The previous method did not escape single quotes which under some circumstances can lead to XSS vulnerabilites and the fact that it depends on jQuery is also not ideal. Replace it with a lightweight module. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2025-07-31 22:58:35 +00:00 · 2020-07-31 04:14:04 +02:00
parent 24f8625790
commit 11dcc17763
3 changed files with 13 additions and 10 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -4372,6 +4372,11 @@
      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.0.2.tgz",
      "integrity": "sha512-gPYAU37hYCUhW5euPeR+Y74F7BL+IBsV93j5cvGriSaD1aG6MGsqsV1yamRdrWrb2j3aiZvb0X+UBOWpx3JWtQ=="
    },
+    "escape-goat": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-3.0.0.tgz",
+      "integrity": "sha512-w3PwNZJwRxlp47QGzhuEBldEqVHHhh8/tIPcl6ecf2Bou99cdAt0knihBV0Ecc7CGxYduXVBDheH1K2oADRlvw=="
+    },
    "escape-string-regexp": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",