diff --git a/Update.json b/Update.json
index fbf81e36..cc93908a 100644
--- a/Update.json
+++ b/Update.json
@@ -3348,6 +3348,17 @@
}
],
"Notes": "v3 显然需要在新年第一天发布("
+ },
+ "3.1.1": {
+ "UpdateDate": 1771489733913,
+ "Prerelease": true,
+ "UpdateContents": [
+ {
+ "PR": 910,
+ "Description": "Fix XSS in post title rendering"
+ }
+ ],
+ "Notes": "Fixed a stored XSS vulnerability in discussion thread post titles."
}
}
}
\ No newline at end of file
diff --git a/XMOJ.user.js b/XMOJ.user.js
index aba3fd3d..0b120687 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -1,6 +1,6 @@
// ==UserScript==
// @name XMOJ
-// @version 3.1.0
+// @version 3.1.1
// @description XMOJ增强脚本
// @author @XMOJ-Script-dev, @langningchen and the community
// @namespace https://github/langningchen
@@ -5202,7 +5202,7 @@ int main()
Delete.style.display = "";
}
}
- PostTitle.innerHTML = ResponseData.Data.Title + (ResponseData.Data.ProblemID == 0 ? "" : ` - 题目` + ` ` + ResponseData.Data.ProblemID + ``);
+ PostTitle.innerHTML = escapeHTML(ResponseData.Data.Title) + (ResponseData.Data.ProblemID == 0 ? "" : ` - 题目` + ` ` + ResponseData.Data.ProblemID + ``);
document.title = "讨论" + ThreadID + ": " + ResponseData.Data.Title;
PostAuthor.innerHTML = "";
GetUsernameHTML(PostAuthor.children[0], ResponseData.Data.UserID);
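Review bot: `ResponseData.Data.ProblemID` is still concatenated into `PostTitle.innerHTML` without escaping on the changed line, so the response object that carried the unsafe title keeps one raw HTML sink. The loose `== 0` test does not establish that the value is a number; if the API can return it as a string, any markup in it would be parsed. Coerce it before use, e.g. `const ProblemID = Number.parseInt(ResponseData.Data.ProblemID, 10);`, and concatenate that value, or set the title through `textContent` and append the problem link as a separate element. `escapeHTML` is defined outside this hunk, so it is not visible here whether it also escapes quotes, which matters if a value ever lands inside an attribute. The enclosing handler also starts and ends outside the hunk.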
diff --git a/package.json b/package.json
index 3f59d6be..62b60c53 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "xmoj-script",
- "version": "3.1.0",
+ "version": "3.1.1",
"description": "an improvement script for xmoj.tech",
"main": "AddonScript.js",
"scripts": {