|
|
|
@ -86,7 +86,7 @@ function modifyCategory(category, fields) {
|
|
|
|
|
|
|
|
|
|
|
|
db.parseIntFields(category, intFields, fields);
|
|
|
|
db.parseIntFields(category, intFields, fields);
|
|
|
|
|
|
|
|
|
|
|
|
const escapeFields = ['name', 'color', 'bgColor', 'imageClass', 'class', 'link'];
|
|
|
|
const escapeFields = ['name', 'color', 'bgColor', 'backgroundImage', 'imageClass', 'class', 'link'];
|
|
|
|
escapeFields.forEach((field) => {
|
|
|
|
escapeFields.forEach((field) => {
|
|
|
|
if (category.hasOwnProperty(field)) {
|
|
|
|
if (category.hasOwnProperty(field)) {
|
|
|
|
category[field] = validator.escape(String(category[field] || ''));
|
|
|
|
category[field] = validator.escape(String(category[field] || ''));
|
|
|
|
|
Julian Lam
3 years ago