From 2117fefe625e61229c3fba6e4527d92985a43d31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Weber?= <mail@soeren-weber.de>
Date: Fri, 8 Oct 2021 19:30:27 +0200
Subject: [PATCH] security: fix XSS for malicioius URLs #114

---
 static/js/relearn.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/static/js/relearn.js b/static/js/relearn.js
index e80c976b00..7362f91873 100644
--- a/static/js/relearn.js
+++ b/static/js/relearn.js
@@ -510,10 +510,8 @@ jQuery(function() {
         var element = $(this);
         var url = encodeURI(document.location.origin + document.location.pathname);
         var link = url + "#"+element[0].id;
-        return " <span class='anchor' data-clipboard-text='"+link+"'>" +
-            "<i class='fas fa-link fa-lg'></i>" +
-            "</span>"
-        ;
+        var html = " " + $( "<span>" ).addClass("anchor").attr("data-clipboard-text", link).append("<i class='fas fa-link fa-lg'></i>").get(0).outerHTML;
+        return html;
     });
 
     $(".anchor").on('mouseleave', function(e) {