fixed all JS code should be stripped from inline CSS
albogdano committed Nov 26, 2021
1 parent efb5707 commit d5c2bc5
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/main/java/com/erudika/scoold/utils/ScooldUtils.java
Expand Up @@ -1780,8 +1780,7 @@ public String getInlineCSS() {
FILE_CACHE.put("theme", themeName);
}
}
loadedTheme = StringUtils.replaceEachRepeatedly(loadedTheme,
new String[] {"<", "</", "<script", "<SCRIPT"}, new String[] {"", "", "", ""});
loadedTheme = StringEscapeUtils.escapeEcmaScript(loadedTheme);
return loadedTheme + "\n/*** END OF THEME CSS ***/\n" + inline;
} catch (Exception e) {
logger.debug("Failed to load inline CSS.");
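Review bot: The added `StringEscapeUtils.escapeEcmaScript(loadedTheme)` call applies a JavaScript string-literal escaper to text that `getInlineCSS()` returns as CSS, so the encoding does not match the output context. An ECMAScript escaper rewrites quotes and backslashes, which valid theme CSS uses (quoted font names, `url("...")`, `content: "\201C"`), so legitimate themes can be altered. The removed `replaceEachRepeatedly` call deleted `<` outright, and this one no longer does. Only `loadedTheme` is passed through the new call, while `inline` is concatenated on the return line unchanged. Consider validating or encoding for the CSS/style-element context, applying the same treatment to `inline` if it can carry user-supplied text, and adding a short comment plus a test showing that a theme containing a closing style tag cannot end the inline block.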
