EW-793 Prevent script injection

hpi-schul-cloud · Jun 6, 2024 · 985a88f · 985a88f
1 parent 02bffc4
commit 985a88f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/apps/server/src/modules/learnroom/mapper/common-cartridge-export.mapper.ts b/apps/server/src/modules/learnroom/mapper/common-cartridge-export.mapper.ts
@@ -142,6 +142,7 @@ export class CommonCartridgeExportMapper {
 
 	private getTextTitle(text: string): string {
 		let title = text.slice(0, 50).replace(/<[^>]*>?/gm, '');
+		title = title.replace(/<script/gi, '&lt;script');
 		if (text.length > 50) {
 			title = title.concat('...');
 		}