protect against script tags

contactashish13 · contactashish13 · commit 5053663e5a6d · 2020-04-28T12:00:58.000+05:30
diff --git a/js/render-datatables.js b/js/render-datatables.js
@@ -269,10 +269,10 @@
             default:
                 render = $.fn.dataTable.render.extra = function ( data, type, row ) {
                     if((data === true || data === 'true') && typeof series.format !== 'undefined' && series.format.truthy !== ''){
-                        data = series.format.truthy;
+                        data = series.format.truthy.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
                     }
                     if((data === false || data === 'false') && typeof series.format !== 'undefined' && series.format.falsy !== ''){
-                        data = series.format.falsy;
+                        data = series.format.falsy.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
                     }
                     return data;
                 }

Original file line number	Diff line number	Diff line change
`@@ -269,10 +269,10 @@`
`269`	`269`	`default:`
`270`	`270`	`render = $.fn.dataTable.render.extra = function ( data, type, row ) {`
`271`	`271`	`if((data === true \|\| data === 'true') && typeof series.format !== 'undefined' && series.format.truthy !== ''){`
`272`		`- data = series.format.truthy;`
	`272`	`+ data = series.format.truthy.replace(/<script\b[^<](?:(?!<\/script>)<[^<])*<\/script>/gi, '');`
`273`	`273`	`}`
`274`	`274`	`if((data === false \|\| data === 'false') && typeof series.format !== 'undefined' && series.format.falsy !== ''){`
`275`		`- data = series.format.falsy;`
	`275`	`+ data = series.format.falsy.replace(/<script\b[^<](?:(?!<\/script>)<[^<])*<\/script>/gi, '');`
`276`	`276`	`}`
`277`	`277`	`return data;`
`278`	`278`	`}`