fix: improve sanitation of toasts that bypass HTML escaping (#5540)

* fix: improve sanitation of toasts that bypass HTML escaping

* fix: replace absolute lib.js import with relative

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Cohee
2026-04-28 01:00:31 +03:00
committed by GitHub
parent bd9479fef8
commit 2e4ca3dabf
5 changed files with 18 additions and 14 deletions
@@ -7,6 +7,7 @@ import { commonEnumProviders, enumIcons } from './slash-commands/SlashCommandCom
import { SlashCommandEnumValue, enumTypes } from './slash-commands/SlashCommandEnumValue.js';
import { SlashCommandParser } from './slash-commands/SlashCommandParser.js';
import { isFalseBoolean } from './utils.js';
import { DOMPurify } from '../lib.js';
/**
* Registers slash commands for the action loader module.
@@ -275,8 +276,8 @@ export function registerActionLoaderSlashCommands() {
slug: typeof args.slug === 'string' ? String(args.slug) : 'slash-show',
blocking,
toastMode,
message,
title,
message: DOMPurify.sanitize(message),
title: DOMPurify.sanitize(title),
stopTooltip,
onStop: createClosureHandler(args.onStop),
onHide: createClosureHandler(args.onHide, { argName: 'onHide' }),
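Review bot: `stopTooltip`, on the line right after the two sanitized fields, is still passed through as-is; if it ends up in the same toast markup without HTML escaping (the sink is not visible in this hunk), it needs the same treatment, `stopTooltip: DOMPurify.sanitize(stopTooltip),`. Separately, `DOMPurify.sanitize` returns a string for any input, so an omitted `title` would now arrive as `''` rather than `undefined`; if the consumer distinguishes the two, keep the old shape with `title: title ? DOMPurify.sanitize(title) : title,`. Because the commit repeats this call-site fix across five files, it may be more robust to sanitize once at the point where the toast disables escaping, so a future caller cannot skip it. The enclosing call in `registerActionLoaderSlashCommands` starts and ends outside the hunk.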