mirror of https://github.com/hakimel/reveal.js.git synced 2025-04-21 04:52:14 +02:00

fix: use setAttribute instead of innerHTML to prevent xss

Michael Wang 2023-12-15 13:59:27 +08:00
parent 993b8f302a
commit 89ab00a4a1


@ -142,13 +142,15 @@ export default class SlideContent {
// Support comma separated lists of video sources
backgroundVideo.split( ',' ).forEach( source => {
const sourceElement = document.createElement( 'source' );
sourceElement.setAttribute( 'src', source );
let type = getMimeTypeFromFile( source );
if( type ) {
video.innerHTML += `<source src="${source}" type="${type}">`;
}
else {
video.innerHTML += `<source src="${source}">`;
sourceElement.setAttribute( 'type', type );
}
video.appendChild( sourceElement );
} );
backgroundContent.appendChild( video );
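Review bot: The new `createElement`/`setAttribute` lines inside the `forEach` callback carry no comment saying why the `<source>` markup is no longer built as a string, so a later cleanup could fold them back into a template literal and reopen the injection path the commit title describes. I would add above `const sourceElement` a line such as `// Build <source> via DOM APIs: entries of backgroundVideo may come from untrusted slide markup and must never be parsed as HTML.` As a style point, `let type` is never reassigned in the visible lines and can be `const type`. The enclosing method starts and ends outside this hunk, so any other `innerHTML` assignment there that interpolates slide-supplied values is not visible here and deserves the same treatment.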