Fixed notifications titles not html escaped (fixes #1272)

2025-11-15 09:46:06 +01:00 · 2018-03-10 13:17:33 -08:00
parent 51482313b3
commit 7477ab66d5
3 changed files with 8 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,9 @@

 1. [](#bugfix)
    * Automatically redirect to new `admin_route` after changing it [#1371](https://github.com/getgrav/grav-plugin-admin/issues/1371)
+    * Added shortcut in Editor for links: CTRL+K / CMD+K [#1279](https://github.com/getgrav/grav-plugin-admin/issues/1279)
+    * Fixed mediapicker field in lists [#1369](https://github.com/getgrav/grav-plugin-admin/issues/1369)
+    * Fixed notifications titles not html escaped [#1272](https://github.com/getgrav/grav-plugin-admin/issues/1272)

 # v1.7.0
 ## 03/09/2018
--- a/themes/grav/app/updates/notifications.js
+++ b/themes/grav/app/updates/notifications.js
@@ -36,10 +36,12 @@ class Notifications {
        }

        if (notification.link) {
+            const title = document.createElement('div');
+            title.innerHTML = notification.message;
            content.append(`
                <li class="single-notification ${hidden}">
                    <span class="badge alert ${notification.type}">${notification.intro_text}</span>
-                    <a target="_blank" href="${notification.link}" title="${notification.message}">${notification.message}</a>
+                    <a target="_blank" href="${notification.link}" title="${(title.textContent || title.innerText || '')}">${notification.message}</a>
                </li>
            `);
        } else {
--- a/themes/grav/js/admin.min.js
+++ b/themes/grav/js/admin.min.js