joewalnes / smoothie

Smoothie Charts: smooooooth JavaScript charts for realtime streaming data
http://smoothiecharts.org

fix: potential XSS when `tooltipLabel` or `strokeStyle` are controlled by users #147

Closed WofWca closed 2 years ago

WofWca commented 2 years ago

This doesn't completely get rid of `innerHTML` usage, but at least now the developer is responsible for `tooltipFormatter` not returning dangerous HTML if they decide to override it.
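
A custom `tooltipFormatter` that stays safe for `innerHTML` when `tooltipLabel` or `strokeStyle` hold user-controlled strings, as an added example that is not part of this pull request or of Smoothie Charts' own code. The shape of the `data` entries, the helper names and the sample input are assumptions made for illustration.

```javascript
// Assumed (not shown on this page): each entry passed to the formatter looks like
// { series: { options: { tooltipLabel, strokeStyle } }, value }.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can change HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list for colours placed inside a style attribute:
// hex, rgb()/rgba()/hsl()/hsla() with numeric arguments, or a plain colour name.
const SAFE_COLOR = /^(#[0-9a-f]{3,8}|(rgb|hsl)a?\([\d\s.,%\/]+\)|[a-z]+)$/i;

// Non-string values (for example a canvas gradient object) and anything
// outside the allow-list fall back to a fixed colour.
function safeColor(value, fallback = '#ffffff') {
  if (typeof value !== 'string') return fallback;
  const trimmed = value.trim();
  return SAFE_COLOR.test(trimmed) ? trimmed : fallback;
}

// Hypothetical formatter: returns an HTML string in which every
// series-derived value has been escaped or validated.
function safeTooltipFormatter(timestamp, data) {
  const lines = [escapeHtml(new Date(timestamp).toISOString())];
  for (const point of data) {
    const opts = (point.series && point.series.options) || {};
    const label = opts.tooltipLabel ? escapeHtml(opts.tooltipLabel) + ' ' : '';
    const value = escapeHtml(Number(point.value).toFixed(2));
    lines.push('<span style="color:' + safeColor(opts.strokeStyle) + '">' +
      label + value + '</span>');
  }
  return lines.join('<br>');
}

// Constructed sample input: one series with markup metacharacters in both
// fields, one series with ordinary values.
const sampleData = [
  { series: { options: { tooltipLabel: '<i>cpu</i> & "load"', strokeStyle: 'red"><i>x</i>' } }, value: 0.5 },
  { series: { options: { tooltipLabel: 'mem', strokeStyle: 'rgba(0, 255, 0, 0.8)' } }, value: 12 },
];

console.log(safeTooltipFormatter(0, sampleData));
```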