mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Fix XSS vulnerability in plugin repo pages

Browse source
This commit is contained in:
Bill Thornton 2023-01-09 11:11:33 -05:00
parent 96234eafb7
commit 4bc0eebee0
2 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/controllers/dashboard/plugins/add/index.js
View file

@ -53,24 +53,24 @@ function renderPackage(pkg, installedPlugins, page) {
populateVersions(pkg, page, installedPlugin);
populateHistory(pkg, page);
$('.pluginName', page).html(pkg.name);
$('.pluginName', page).text(pkg.name);
$('#btnInstallDiv', page).removeClass('hide');
$('#pSelectVersion', page).removeClass('hide');
if (pkg.overview) {
$('#overview', page).show().html(pkg.overview);
$('#overview', page).show().text(pkg.overview);
} else {
$('#overview', page).hide();
}
$('#description', page).html(pkg.description);
$('#developer', page).html(pkg.owner);
$('#description', page).text(pkg.description);
$('#developer', page).text(pkg.owner);
if (installedPlugin) {
const currentVersionText = globalize.translate('MessageYouHaveVersionInstalled', '<strong>' + installedPlugin.Version + '</strong>');
$('#pCurrentVersion', page).show().html(currentVersionText);
$('#pCurrentVersion', page).show().text(currentVersionText);
} else {
$('#pCurrentVersion', page).hide().html('');
$('#pCurrentVersion', page).hide().text('');
}
loading.hide();