From c53c789122a51be7c0c7205c34abb53c9aeda961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jun 2021 22:03:30 +0000 Subject: [PATCH 1/2] Bump electron from 13.1.1 to 13.1.4 Bumps [electron](https://github.com/electron/electron) from 13.1.1 to 13.1.4. - [Release notes](https://github.com/electron/electron/releases) - [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md) - [Commits](https://github.com/electron/electron/compare/v13.1.1...v13.1.4) --- updated-dependencies: - dependency-name: electron dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 620f2d5..66b9d84 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1660,9 +1660,9 @@ } }, "electron": { - "version": "13.1.1", - "resolved": "https://registry.npmjs.org/electron/-/electron-13.1.1.tgz", - "integrity": "sha512-kySSb5CbIkWU2Kd9mf2rpGZC9p1nWhVVNl+CJjuOUGeVPXHbojHvTkDU1iC8AvV28eik3gqHisSJss40Caprog==", + "version": "13.1.4", + "resolved": "https://registry.npmjs.org/electron/-/electron-13.1.4.tgz", + "integrity": "sha512-4qhRZbRvGqHmMWsCG/kRVF4X8VIq9Nujgm+gXZLBSpiR6uUtMHy7ViBTQZl1PGf6O9Ppxhpr9Yz+k6Um9WoP3Q==", "dev": true, "requires": { "@electron/get": "^1.0.1", @@ -1671,9 +1671,9 @@ }, "dependencies": { "@types/node": { - "version": "14.17.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.17.2.tgz", - "integrity": "sha512-sld7b/xmFum66AAKuz/rp/CUO8+98fMpyQ3SBfzzBNGMd/1iHBTAg9oyAvcYlAj46bpc74r91jSw2iFdnx29nw==", + "version": "14.17.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.17.4.tgz", + "integrity": "sha512-8kQ3+wKGRNN0ghtEn7EGps/B8CzuBz1nXZEIGGLP2GnwbqYn4dbTs7k+VKLTq1HvZLRCIDtN3Snx1Ege8B7L5A==", "dev": true }, "debug": { 
diff --git a/package.json b/package.json index 033a8c0..684f807 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@electron-forge/cli": "^6.0.0-beta.57", "@electron-forge/maker-squirrel": "^6.0.0-beta.57", "@electron-forge/maker-zip": "^6.0.0-beta.57", - "electron": "^13.1.1" + "electron": "^13.1.4" }, "dependencies": { "axios": "^0.21.1", From 3b983f12ce526c825a13053673cb3d0426ebdf74 Mon Sep 17 00:00:00 2001 From: Quentin Legot Date: Thu, 1 Jul 2021 20:54:10 +0200 Subject: [PATCH 2/2] fix possible xss exploit with innerHTML --- src/client/assets/js/index.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/client/assets/js/index.js b/src/client/assets/js/index.js index 8e07644..430c637 100644 --- a/src/client/assets/js/index.js +++ b/src/client/assets/js/index.js @@ -21,9 +21,9 @@ document.body.onload = () => { minMem.max = totalMem maxMem.max = totalMem minMem.value = localStorage.getItem("minMem") != null ? localStorage.getItem("minMem") : 1024 - outputMinMem.innerHTML = minMem.value + outputMinMem.textContent = minMem.value maxMem.value = localStorage.getItem("maxMem") != null ? localStorage.getItem("maxMem") : 2048 - outputMaxMem.innerHTML = maxMem.value + outputMaxMem.textContent = maxMem.value demandModsInformations() } @@ -134,10 +134,10 @@ disconnectBtn.addEventListener('click', e => { ipcRenderer.send('disconnect') }) -minMem.addEventListener("input", (e) => { - outputMinMem.innerHTML = e.target.value +minMem.addEventListener("input", e => { + outputMinMem.textContent = e.target.value }) -maxMem.addEventListener("input", (e) => { - outputMaxMem.innerHTML = e.target.value +maxMem.addEventListener("input", e => { + outputMaxMem.textContent = e.target.value }) \ No newline at end of file
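Review bot: The values read from `localStorage` in the `document.body.onload` hunk are still assigned to `minMem.value` and `maxMem.value` without validation. Writing the output through `textContent` stops a stored string from being parsed as markup, but a stale or tampered entry (non-numeric, or above `totalMem`) is still accepted as a setting. I would parse and bound it once, for example `const stored = Number.parseInt(localStorage.getItem("minMem"), 10)` followed by `minMem.value = Number.isInteger(stored) ? Math.min(stored, totalMem) : 1024`, and do the same for `maxMem`. That also removes the duplicated `getItem` call. The onload handler starts above the hunk, so how `totalMem` is obtained and typed is not visible here.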
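Review bot: Other HTML sinks in index.js are not visible from these hunks and should be checked, because the context line `ipcRenderer.send('disconnect')` shows this renderer script has direct access to IPC. Any remaining `innerHTML`, `outerHTML` or `insertAdjacentHTML` write fed by non-constant data would run injected markup with that same access, so a search of the whole file belongs in this fix. As defence in depth, confirm the window is created with `contextIsolation: true` and `nodeIntegration: false` and that the page sets a Content-Security-Policy. Whether that is already the case cannot be told from this patch. The `(e) =>` to `e =>` rewrite in the two `input` listeners is unrelated to the security fix and could be left out to keep the change minimal.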