mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00

Escape HTML

Dmitry Lyzo 2022-01-30 00:27:26 +03:00
parent 08cbc5aa8f
commit 59adbc348a
60 changed files with 245 additions and 192 deletions


@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import dom from '../../scripts/dom';
import layoutManager from '../layoutManager';
import dialogHelper from '../dialogHelper/dialogHelper';
@ -448,12 +449,12 @@ import template from './metadataEditor.template.html';
fullName = idInfo.Name + ' ' + globalize.translate(idInfo.Type);
}
const labelText = globalize.translate('LabelDynamicExternalId', fullName);
const labelText = globalize.translate('LabelDynamicExternalId', escapeHtml(fullName));
html += '<div class="inputContainer">';
html += '<div class="flex align-items-center">';
const value = providerIds[idInfo.Key] || '';
const value = escapeHtml(providerIds[idInfo.Key] || '');
html += '<div class="flex-grow">';
html += '<input is="emby-input" class="txtExternalId" value="' + value + '" data-providerkey="' + idInfo.Key + '" data-formatstring="' + formatString + '" id="' + id + '" label="' + labelText + '"/>';
@ -860,7 +861,7 @@ import template from './metadataEditor.template.html';
for (let i = 0, length = ratings.length; i < length; i++) {
rating = ratings[i];
html += "<option value='" + rating.Value + "'>" + rating.Name + '</option>';
html += "<option value='" + escapeHtml(rating.Value) + "'>" + escapeHtml(rating.Name) + '</option>';
}
select.innerHTML = html;
@ -893,7 +894,7 @@ import template from './metadataEditor.template.html';
html += '<div class="listItemBody">';
html += '<div class="textValue">';
html += items[i];
html += escapeHtml(items[i]);
html += '</div>';
html += '</div>';
@ -923,7 +924,7 @@ import template from './metadataEditor.template.html';
html += '<button style="text-align:left;" type="button" class="btnEditPerson clearButton" data-index="' + i + '">';
html += '<div class="textValue">';
html += (person.Name || '');
html += escapeHtml(person.Name || '');
html += '</div>';
if (person.Role && person.Role !== lastType) {