fix HTML escaping

2025-03-30 19:56:21 +00:00 · 2022-10-16 00:06:54 +03:00 · 2022-10-16 00:06:54 +03:00 · 39879baefe
commit 39879baefe
parent 8334a7de33
2 changed files with 2 additions and 2 deletions
--- a/src/components/listview/listview.js
+++ b/src/components/listview/listview.js
@ -149,7 +149,7 @@ import ServerConnections from '../ServerConnections';

            elem.classList.add('listItemBodyText');

-            elem.innerHTML = '<bdi>' + text + '</bdi>';
+            elem.innerHTML = '<bdi>' + escapeHtml(text) + '</bdi>';

            html += elem.outerHTML;
        }
--- a/src/controllers/itemDetails/index.js
+++ b/src/controllers/itemDetails/index.js
@ -1068,7 +1068,7 @@ function renderTagline(page, item) {

    if (item.Taglines && item.Taglines.length) {
        taglineElement.classList.remove('hide');
-        taglineElement.innerHTML = '<bdi>' + item.Taglines[0] + '</bdi>';
+        taglineElement.innerHTML = '<bdi>' + escapeHtml(item.Taglines[0]) + '</bdi>';
    } else {
        taglineElement.classList.add('hide');
    }