Sanitizsation of incoming variables that are added to the userStyles

This commit is contained in:
Knut Sveidqvist
2022-06-21 21:46:37 +02:00
parent ec2da8e85d
commit 610f154c74
3 changed files with 38 additions and 0 deletions

View File

@@ -385,6 +385,8 @@ const render = function (id, _txt, cb, container) {
let userStyles = '';
// user provided theme CSS
// If you add more configuration driven data into the user styles make sure that the value is
// sanitized bye the santiizeCSS function
if (cnf.themeCSS !== undefined) {
userStyles += `\n${cnf.themeCSS}`;
}