mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Backport pull request #4269 from jellyfin/release-10.8.z

Browse source 
Fix XSS vulnerability in plugin repo pages

Original-merge: 21a3bae204

Merged-by: Joshua M. Boniface <joshua@boniface.me>

Backported-by: Joshua M. Boniface <joshua@boniface.me>
This commit is contained in:
Bill Thornton 2023-01-22 14:08:04 -05:00 committed by Joshua M. Boniface
parent 7c9464d0c3
commit 4ee51ff12e
2 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/controllers/dashboard/plugins/add/index.js
View file

@ -53,24 +53,24 @@ function renderPackage(pkg, installedPlugins, page) {
populateVersions(pkg, page, installedPlugin);
populateHistory(pkg, page);
$('.pluginName', page).html(pkg.name);
$('.pluginName', page).text(pkg.name);
$('#btnInstallDiv', page).removeClass('hide');
$('#pSelectVersion', page).removeClass('hide');
if (pkg.overview) {
$('#overview', page).show().html(pkg.overview);
$('#overview', page).show().text(pkg.overview);
} else {
$('#overview', page).hide();
}
$('#description', page).html(pkg.description);
$('#developer', page).html(pkg.owner);
$('#description', page).text(pkg.description);
$('#developer', page).text(pkg.owner);
if (installedPlugin) {
const currentVersionText = globalize.translate('MessageYouHaveVersionInstalled', '<strong>' + installedPlugin.Version + '</strong>');
$('#pCurrentVersion', page).show().html(currentVersionText);
$('#pCurrentVersion', page).show().text(currentVersionText);
} else {
$('#pCurrentVersion', page).hide().html('');
$('#pCurrentVersion', page).hide().text('');
}
loading.hide();