groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-06-18 08:31:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Avoid usage of raw filter in javascript to minimize risk

Browse source
This commit is contained in:
Jan Böhmer 2026-06-10 23:37:57 +02:00
parent 0c5f8dc9fd
commit b357ee196c
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
templates/projects/import_bom_map_fields.html.twig
View file

@ -132,8 +132,8 @@
<script nonce="{{ csp_nonce('script') }}"> <script nonce="{{ csp_nonce('script') }}">
// Function to initialize the field mapping page // Function to initialize the field mapping page
function initializeFieldMapping() { function initializeFieldMapping() {
const suggestions = {{ suggested_mapping|json_encode|raw }}; const suggestions = JSON.parse("{{ suggested_mapping|json_encode|escape('js')}}");
const fieldNameMapping = {{ field_name_mapping|json_encode|raw }}; const fieldNameMapping = JSON.parse("{{ field_name_mapping|json_encode|escape('js') }}");
Object.keys(suggestions).forEach(function(field) { Object.keys(suggestions).forEach(function(field) {
// Use the sanitized field name from the server-side mapping // Use the sanitized field name from the server-side mapping