Possible security issue when rendering an events header or body
dittodhole opened this issue · 1 comments
dittodhole commented
Following lines in code:
$calEvent.find('.wc-time').html(this.options.eventHeader(calEvent, this.element) + suffix);
$calEvent.find('.wc-title').html(this.options.eventBody(calEvent, this.element));
Shouldn't those rather be .text()
-calls? Or even better: outsource that to another overridable method...
dittodhole commented
closing due to lack of interest.