Sanitize Cytoscape tooltip labels to prevent XSS

Co-Authored-By: Codex <codex@openai.com>
2026-03-08 10:41:48 +08:00
parent 1d621bf304
commit e275e79a63
4 changed files with 40 additions and 4 deletions


@@ -13,6 +13,7 @@ import cytoscape from 'cytoscape';
import dagre from 'cytoscape-dagre';
import tippy from 'tippy.js';
import 'tippy.js/dist/tippy.css';
import { createTooltipContent } from '@/module/tooltipContent.js';
cytoscape.use( dagre );
@@ -95,8 +96,7 @@ export default function cytoscapeMapTrace(nodes, edges, graphId) {
const node = event.target
let ref = node.popperRef()
let dummyDomEle = document.createElement('div');
let content = document.createElement('div');
content.innerHTML = node.data("label")
let content = createTooltipContent(node.data('label'));
tip = new tippy(dummyDomEle, { // tippy props:
getReferenceClientRect: ref.getBoundingClientRect,
trigger: 'manual',
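Review bot: The safety of the tooltip now rests entirely on `createTooltipContent`, whose body is not part of this section, so the call site `let content = createTooltipContent(node.data('label'));` gives a reader no way to tell whether the label is rendered as text or as filtered HTML. A short comment above that line would record the contract, for example `// label is untrusted graph data; createTooltipContent must build the node without innerHTML`. It is also worth confirming that the tippy options further down (outside this hunk) are never given the label as a string together with `allowHTML: true`, since that would reopen the same sink. `content` is not reassigned in the visible lines, so `const` would fit better than `let`. The event handler and `cytoscapeMapTrace` both start and end outside the hunk.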