diff --git a/Update.json b/Update.json
index 6fbb2c7b..f0d3fa62 100644
--- a/Update.json
+++ b/Update.json
@@ -2718,6 +2718,17 @@
}
],
"Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click here for more details."
+ },
+ "1.3.1": {
+ "UpdateDate": 1739060055956,
+ "Prerelease": true,
+ "UpdateContents": [
+ {
+ "PR": 774,
+ "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"
+ }
+ ],
+ "Notes": "No release notes were provided for this release."
}
}
}
\ No newline at end of file
diff --git a/XMOJ.user.js b/XMOJ.user.js
index 5e0378a5..3821580f 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -1,6 +1,6 @@
// ==UserScript==
// @name XMOJ
-// @version 1.3.0
+// @version 1.3.1
// @description XMOJ增强脚本
// @author @XMOJ-Script-dev, @langningchen and the community
// @namespace https://github/langningchen
@@ -41,6 +41,19 @@
const CaptchaSiteKey = "0x4AAAAAAALBT58IhyDViNmv";
const AdminUserList = ["zhuchenrui2", "shanwenxiao", "admin"];
+let escapeHTML = (str) => {
+ return str.replace(/[&<>"']/g, function (match) {
+ const escape = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+ };
+ return escape[match];
+ });
+};
+
let PurifyHTML = (Input) => {
try {
return DOMPurify.sanitize(Input, {
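Review bot: The replacement table in `escapeHTML` maps each character to itself as rendered here (`'&': '&'`, `'<': '<'`), which would make the function a no-op and leave the `innerHTML` fix in the later hunk ineffective. This is probably the page decoding the entities, but confirm that the committed file holds the entity forms. The last entry, `"'": '''`, would not even parse as shown. Separately, the table is rebuilt on every match and `str.replace` throws on a non-string argument, so hoisting the table and coercing with `String(str)` is safer. The hunk ends inside `PurifyHTML`, which is not reviewed here.

```javascript
// Table built once; values are the HTML entity forms of each key.
const HTML_ESCAPES = Object.freeze({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;'
});
let escapeHTML = (str) => {
    return String(str).replace(/[&<>"']/g, (match) => HTML_ESCAPES[match]);
};
```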
@@ -3979,7 +3992,7 @@ int main()
Temp = document.querySelector("#problemstatus > tbody").children;
for (let i = 0; i < Temp.length; i++) {
if (Temp[i].children[5].children[0] != null) {
- Temp[i].children[1].innerHTML = `${Temp[i].children[1].innerText.trim()}`;
+ Temp[i].children[1].innerHTML = `${escapeHTML(Temp[i].children[1].innerText.trim())}`;
}
GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText);
Temp[i].children[3].remove();
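Review bot: The assignment to `Temp[i].children[1].innerHTML` still passes through the HTML parser, so its safety rests entirely on `escapeHTML` being correct. As shown, the template holds only the escaped text, in which case `Temp[i].children[1].textContent = Temp[i].children[1].innerText.trim();` gives the same result with no parsing at all. If the template really wraps the value in markup that is not visible here, keep the escape and make sure any attribute it lands in is quoted. The next line passes `children[2].innerText` to `GetUsernameHTML`, whose body is outside this hunk and worth checking for the same pattern. The enclosing loop starts and ends outside the hunk.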
diff --git a/package.json b/package.json
index f9481ffd..cf0cc01d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "xmoj-script",
- "version": "1.3.0",
+ "version": "1.3.1",
"description": "an improvement script for xmoj.tech",
"main": "AddonScript.js",
"scripts": {