jcarr
/
noVNC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
noVNC/app
History
Solly Ross 6048299a13 Use textContent instead of innerHTML 
Previously, setting `innerHTML` was used to display the statuses.  These
could include content communicated from the remote VNC server, allowing
the remove VNC server to inject HTML into the noVNC page.

This commit switches all uses of `innerHTML` to use `textContent`, which
is not vulnerable to the HTML injection.
 		2017-01-12 14:47:36 -05:00
..
images Group WebSocket settings together 2017-01-04 15:05:01 +01:00
locale Update Greek translation 2016-11-24 12:18:59 +02:00
sounds Support RFB bell 2016-09-22 11:15:42 +02:00
styles Avoid wrapping labels 2017-01-04 15:05:59 +01:00
ui.js Use textContent instead of innerHTML 2017-01-12 14:47:36 -05:00
webutil.js Remove alternative style sheets 2017-01-04 15:05:01 +01:00