Update tablesort.js - security fix

To fix DOM text is reinterpreted as HTML without escaping meta-characters. (CodeQL)
Tontonitch · Sep 21, 2023 · 81f0b40 · 81f0b40
1 parent 759c645
commit 81f0b40
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/share/js/tablesort.js b/share/js/tablesort.js
@@ -226,7 +226,7 @@ fdTableSort = {
 
                                                 aclone = a.cloneNode(true);
                                                 //aclone.appendChild(document.createTextNode(thtext));
-                                                aclone.innerHTML = thtext;
+                                                aclone.innerText = thtext;
                                                 aclone.title = "Sort on \u201c" + thtext.replace('<br />', '') + "\u201d";
                                                 aclone.onclick = aclone.onkeydown = workArr[c][i].onclick = fdTableSort.initWrapper;
                                                 workArr[c][i].appendChild(aclone);