fix: css selector string escaping vulnerability (#888)

Resolves #888
cotes2020 · Feb 14, 2023 · 5c6ec9d · 5c6ec9d
1 parent c3a8400
commit 5c6ec9d
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/_javascript/utils/smooth-scroll.js b/_javascript/utils/smooth-scroll.js
@@ -28,7 +28,7 @@ $(function () {
             const hash = decodeURI(this.hash);
             let toFootnoteRef = RegExp(/^#fnref:/).test(hash);
             let toFootnote = toFootnoteRef ? false : RegExp(/^#fn:/).test(hash);
-            let selector = hash.includes(":") ? hash.replace(/:/g, "\\:") : hash;
+            let selector = '#' + $.escapeSelector(hash.substring(1));
             let $target = $(selector);
 
             let isMobileViews = $topbarTitle.is(":visible");

diff --git a/assets/js/dist/page.min.js b/assets/js/dist/page.min.js