mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Merge pull request #4238 from thornbill/fix-router-xss

Browse source 
Fix XSS vulnerability in router
This commit is contained in:
Bill Thornton 2023-01-04 16:34:45 -05:00 committed by GitHub
commit 255df81375
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/components/appRouter.js
View file

@ -59,8 +59,6 @@ class AppRouter {
this.baseRoute = this.baseRoute.substring(0, this.baseRoute.length - 1); this.baseRoute = this.baseRoute.substring(0, this.baseRoute.length - 1);
} }
this.setBaseRoute();
// paths that start with a hashbang (i.e. /#!/page.html) get transformed to starting with // // paths that start with a hashbang (i.e. /#!/page.html) get transformed to starting with //
// we need to strip one "/" for our routes to work // we need to strip one "/" for our routes to work
page('//*', (ctx) => { page('//*', (ctx) => {
@ -68,18 +66,6 @@ class AppRouter {
}); });
} }
/**
* @private
*/
setBaseRoute() {
let baseRoute = window.location.pathname.replace(this.getRequestFile(), '');
if (baseRoute.lastIndexOf('/') === baseRoute.length - 1) {
baseRoute = baseRoute.substring(0, baseRoute.length - 1);
}
console.debug('setting page base to ' + baseRoute);
page.base(baseRoute);
}
addRoute(path, newRoute) { addRoute(path, newRoute) {
page(path, this.getHandler(newRoute)); page(path, this.getHandler(newRoute));
this.allRoutes.push(newRoute); this.allRoutes.push(newRoute);