mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

escaped location to prevent xss

Browse source
This commit is contained in:
Felix Oswald 2022-03-18 21:17:19 +01:00 committed by GitHub
parent e6465ec6ec
commit 55ad352d08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/controllers/itemDetails/index.js
View file

@ -666,10 +666,12 @@ function reloadFromItem(instance, page, params, item, user) {
if (item.Type == 'Person' && item.ProductionLocations && item.ProductionLocations.length) {
let location = item.ProductionLocations[0];
if (!layoutManager.tv && appHost.supports('externallinks')) {
location = `<a is="emby-linkbutton" class="button-link textlink" target="_blank" href="https://www.openstreetmap.org/search?query=${encodeURIComponent(location)}">${location}</a>`;
itemBirthLocation.innerHTML = globalize.translate('BirthPlaceValue', `<a is="emby-linkbutton" class="button-link textlink" target="_blank" href="https://www.openstreetmap.org/search?query=${encodeURIComponent(location)}"></a>`);
page.querySelector('#itemBirthLocation > a').innerText = `${location}`;
} else {
itemBirthLocation.innerText = globalize.translate('BirthPlaceValue', `${location}`);
}
itemBirthLocation.classList.remove('hide');
itemBirthLocation.innerHTML = globalize.translate('BirthPlaceValue', location);
} else {
itemBirthLocation.classList.add('hide');
}