mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Escape HTML

Browse source
This commit is contained in:
Dmitry Lyzo 2022-01-30 00:27:26 +03:00
parent 08cbc5aa8f
commit 59adbc348a
60 changed files with 245 additions and 192 deletions
Download patch file Download diff file Expand all files Collapse all files

37
src/controllers/dashboard/dashboard.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import datetime from '../../scripts/datetime';
import { Events } from 'jellyfin-apiclient';
import itemHelper from '../../components/itemHelper';
@ -199,10 +200,10 @@ import confirm from '../../components/confirm/confirm';
function reloadSystemInfo(view, apiClient) {
apiClient.getSystemInfo().then(function (systemInfo) {
view.querySelector('#serverName').innerHTML = globalize.translate('DashboardServerName', systemInfo.ServerName);
view.querySelector('#versionNumber').innerHTML = globalize.translate('DashboardVersionNumber', systemInfo.Version);
view.querySelector('#operatingSystem').innerHTML = globalize.translate('DashboardOperatingSystem', systemInfo.OperatingSystem);
view.querySelector('#architecture').innerHTML = globalize.translate('DashboardArchitecture', systemInfo.SystemArchitecture);
view.querySelector('#serverName').innerText = globalize.translate('DashboardServerName', systemInfo.ServerName);
view.querySelector('#versionNumber').innerText = globalize.translate('DashboardVersionNumber', systemInfo.Version);
view.querySelector('#operatingSystem').innerText = globalize.translate('DashboardOperatingSystem', systemInfo.OperatingSystem);
view.querySelector('#architecture').innerText = globalize.translate('DashboardArchitecture', systemInfo.SystemArchitecture);
if (systemInfo.CanSelfRestart) {
view.querySelector('#btnRestartServer').classList.remove('hide');
@ -210,11 +211,11 @@ import confirm from '../../components/confirm/confirm';
view.querySelector('#btnRestartServer').classList.add('hide');
}
view.querySelector('#cachePath').innerHTML = systemInfo.CachePath;
view.querySelector('#logPath').innerHTML = systemInfo.LogPath;
view.querySelector('#transcodePath').innerHTML = systemInfo.TranscodingTempPath;
view.querySelector('#metadataPath').innerHTML = systemInfo.InternalMetadataPath;
view.querySelector('#webPath').innerHTML = systemInfo.WebPath;
view.querySelector('#cachePath').innerText = systemInfo.CachePath;
view.querySelector('#logPath').innerText = systemInfo.LogPath;
view.querySelector('#transcodePath').innerText = systemInfo.TranscodingTempPath;
view.querySelector('#metadataPath').innerText = systemInfo.InternalMetadataPath;
view.querySelector('#webPath').innerText = systemInfo.WebPath;
});
}
@ -279,8 +280,8 @@ import confirm from '../../components/confirm/confirm';
}
html += '<div class="sessionAppName" style="display:inline-block;">';
html += '<div class="sessionDeviceName">' + session.DeviceName + '</div>';
html += '<div class="sessionAppSecondaryText">' + DashboardPage.getAppSecondaryText(session) + '</div>';
html += '<div class="sessionDeviceName">' + escapeHtml(session.DeviceName) + '</div>';
html += '<div class="sessionAppSecondaryText">' + escapeHtml(DashboardPage.getAppSecondaryText(session)) + '</div>';
html += '</div>';
html += '</div>';
@ -289,7 +290,7 @@ import confirm from '../../components/confirm/confirm';
html += '<div class="sessionNowPlayingInfo" data-imgsrc="' + nowPlayingName.image + '">';
html += nowPlayingName.html;
html += '</div>';
html += '<div class="sessionNowPlayingTime">' + DashboardPage.getSessionNowPlayingTime(session) + '</div>';
html += '<div class="sessionNowPlayingTime">' + escapeHtml(DashboardPage.getSessionNowPlayingTime(session)) + '</div>';
html += '</div>';
let percent = 100 * session?.PlayState?.PositionTicks / nowPlayingItem?.RunTimeTicks;
@ -480,16 +481,16 @@ import confirm from '../../components/confirm/confirm';
};
}
let topText = itemHelper.getDisplayName(nowPlayingItem);
let topText = escapeHtml(itemHelper.getDisplayName(nowPlayingItem));
let bottomText = '';
if (nowPlayingItem.Artists && nowPlayingItem.Artists.length) {
bottomText = topText;
topText = nowPlayingItem.Artists[0];
topText = escapeHtml(nowPlayingItem.Artists[0]);
} else {
if (nowPlayingItem.SeriesName || nowPlayingItem.Album) {
bottomText = topText;
topText = nowPlayingItem.SeriesName || nowPlayingItem.Album;
topText = escapeHtml(nowPlayingItem.SeriesName || nowPlayingItem.Album);
} else if (nowPlayingItem.ProductionYear) {
bottomText = nowPlayingItem.ProductionYear;
}
@ -575,9 +576,9 @@ import confirm from '../../components/confirm/confirm';
btnSessionPlayPauseIcon.classList.remove('play_arrow', 'pause');
btnSessionPlayPauseIcon.classList.add(session.PlayState && session.PlayState.IsPaused ? 'play_arrow' : 'pause');
row.querySelector('.sessionNowPlayingTime').innerHTML = DashboardPage.getSessionNowPlayingTime(session);
row.querySelector('.sessionUserName').innerHTML = DashboardPage.getUsersHtml(session);
row.querySelector('.sessionAppSecondaryText').innerHTML = DashboardPage.getAppSecondaryText(session);
row.querySelector('.sessionNowPlayingTime').innerText = DashboardPage.getSessionNowPlayingTime(session);
row.querySelector('.sessionUserName').innerText = DashboardPage.getUsersHtml(session);
row.querySelector('.sessionAppSecondaryText').innerText = DashboardPage.getAppSecondaryText(session);
const nowPlayingName = DashboardPage.getNowPlayingName(session);
const nowPlayingInfoElem = row.querySelector('.sessionNowPlayingInfo');

2
src/controllers/dashboard/devices/device.js
View file

@ -8,7 +8,7 @@ import Dashboard from '../../../scripts/clientUtils';
function load(page, device, deviceOptions) {
page.querySelector('#txtCustomName', page).value = deviceOptions.CustomName || '';
page.querySelector('.reportedName', page).innerHTML = device.Name || '';
page.querySelector('.reportedName', page).innerText = device.Name || '';
}
function loadData() {

7
src/controllers/dashboard/devices/devices.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import cardBuilder from '../../../components/cardbuilder/cardBuilder';
import loading from '../../../components/loading/loading';
import dom from '../../../scripts/dom';
@ -118,15 +119,15 @@ import confirm from '../../../components/confirm/confirm';
}
deviceHtml += "<div class='cardText'>";
deviceHtml += device.Name;
deviceHtml += escapeHtml(device.Name);
deviceHtml += '</div>';
deviceHtml += "<div class='cardText cardText-secondary'>";
deviceHtml += device.AppName + ' ' + device.AppVersion;
deviceHtml += escapeHtml(device.AppName + ' ' + device.AppVersion);
deviceHtml += '</div>';
deviceHtml += "<div class='cardText cardText-secondary'>";
if (device.LastUserName) {
deviceHtml += device.LastUserName;
deviceHtml += escapeHtml(device.LastUserName);
deviceHtml += ', ' + formatDistanceToNow(Date.parse(device.DateLastActivity), localeWithSuffix);
}

11
src/controllers/dashboard/dlna/profile.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import loading from '../../../components/loading/loading';
import globalize from '../../../scripts/globalize';
@ -76,7 +77,7 @@ import toast from '../../../components/toast/toast';
profile.CodecProfiles = profile.CodecProfiles || [];
profile.ResponseProfiles = profile.ResponseProfiles || [];
const usersHtml = '<option></option>' + users.map(function (u) {
return '<option value="' + u.Id + '">' + u.Name + '</option>';
return '<option value="' + u.Id + '">' + escapeHtml(u.Name) + '</option>';
}).join('');
$('#selectUser', page).html(usersHtml).val(profile.UserId || '');
renderSubProfiles(page, profile);
@ -88,8 +89,8 @@ import toast from '../../../components/toast/toast';
let li = '<div class="listItem">';
li += '<span class="material-icons listItemIcon info" aria-hidden="true"></span>';
li += '<div class="listItemBody">';
li += '<h3 class="listItemBodyText">' + h.Name + ': ' + (h.Value || '') + '</h3>';
li += '<div class="listItemBodyText secondary">' + (h.Match || '') + '</div>';
li += '<h3 class="listItemBodyText">' + escapeHtml(h.Name + ': ' + (h.Value || '')) + '</h3>';
li += '<div class="listItemBodyText secondary">' + escapeHtml(h.Match || '') + '</div>';
li += '</div>';
li += '<button type="button" is="paper-icon-button-light" class="btnDeleteIdentificationHeader listItemButton" data-index="' + index + '"><span class="material-icons delete" aria-hidden="true"></span></button>';
li += '</div>';
@ -144,7 +145,7 @@ import toast from '../../../components/toast/toast';
let li = '<div class="listItem">';
li += '<span class="material-icons listItemIcon info" aria-hidden="true"></span>';
li += '<div class="listItemBody">';
li += '<h3 class="listItemBodyText">' + h.Name + ' = ' + (h.Value || '') + '</h3>';
li += '<h3 class="listItemBodyText">' + escapeHtml(h.Name + ' = ' + (h.Value || '')) + '</h3>';
li += '</div>';
li += '<button type="button" is="paper-icon-button-light" class="btnDeleteXmlAttribute listItemButton" data-index="0"><span class="material-icons delete" aria-hidden="true"></span></button>';
return li += '</div>';
@ -186,7 +187,7 @@ import toast from '../../../components/toast/toast';
let li = '<div class="listItem lnkEditSubProfile" data-index="' + index + '">';
li += '<span class="material-icons listItemIcon info" aria-hidden="true"></span>';
li += '<div class="listItemBody">';
li += '<h3 class="listItemBodyText">' + (h.Format || '') + '</h3>';
li += '<h3 class="listItemBodyText">' + escapeHtml(h.Format || '') + '</h3>';
li += '</div>';
li += '<button type="button" is="paper-icon-button-light" class="btnDeleteProfile listItemButton" data-index="' + index + '"><span class="material-icons delete" aria-hidden="true"></span></button>';
li += '</div>';

3
src/controllers/dashboard/dlna/profiles.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import globalize from '../../../scripts/globalize';
import loading from '../../../components/loading/loading';
@ -42,7 +43,7 @@ import confirm from '../../../components/confirm/confirm';
html += '<span class="listItemIcon material-icons live_tv" aria-hidden="true"></span>';
html += '<div class="listItemBody two-line">';
html += "<a is='emby-linkbutton' style='padding:0;margin:0;' data-ripple='false' class='clearLink' href='#!/dlnaprofile.html?id=" + profile.Id + "'>";
html += '<div>' + profile.Name + '</div>';
html += '<div>' + escapeHtml(profile.Name) + '</div>';
html += '</a>';
html += '</div>';

3
src/controllers/dashboard/dlna/settings.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import loading from '../../../components/loading/loading';
import libraryMenu from '../../../scripts/libraryMenu';
@ -14,7 +15,7 @@ import Dashboard from '../../../scripts/clientUtils';
$('#chkBlastAliveMessages', page).prop('checked', config.BlastAliveMessages);
$('#txtBlastInterval', page).val(config.BlastAliveMessageIntervalSeconds);
const usersHtml = users.map(function (u) {
return '<option value="' + u.Id + '">' + u.Name + '</option>';
return '<option value="' + u.Id + '">' + escapeHtml(u.Name) + '</option>';
}).join('');
$('#selectUser', page).html(usersHtml).val(config.DefaultUserId || '');
loading.hide();

5
src/controllers/dashboard/library.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import taskButton from '../../scripts/taskbutton';
import loading from '../../components/loading/loading';
@ -297,7 +298,7 @@ import cardBuilder from '../../components/cardbuilder/cardBuilder';
if (virtualFolder.showNameWithIcon) {
html += '<div style="margin:1em 0;position:width:100%;">';
html += virtualFolder.Name;
html += escapeHtml(virtualFolder.Name);
html += '</div>';
}
@ -319,7 +320,7 @@ import cardBuilder from '../../components/cardbuilder/cardBuilder';
if (virtualFolder.showNameWithIcon) {
html += '&nbsp;';
} else {
html += virtualFolder.Name;
html += escapeHtml(virtualFolder.Name);
}
html += '</div>';

3
src/controllers/dashboard/metadatanfo.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import loading from '../../components/loading/loading';
import libraryMenu from '../../scripts/libraryMenu';
@ -10,7 +11,7 @@ import alert from '../../components/alert';
function loadPage(page, config, users) {
let html = '<option value="" selected="selected">' + globalize.translate('None') + '</option>';
html += users.map(function (user) {
return '<option value="' + user.Id + '">' + user.Name + '</option>';
return '<option value="' + user.Id + '">' + escapeHtml(user.Name) + '</option>';
}).join('');
$('#selectUser', page).html(html).val(config.UserId || '');
$('#selectReleaseDateFormat', page).val(config.ReleaseDateFormat);

5
src/controllers/dashboard/notifications/notification/index.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import 'jquery';
import '../../../../elements/emby-checkbox/emby-checkbox';
import Dashboard from '../../../../scripts/clientUtils';
@ -7,7 +8,7 @@ function fillItems(elem, items, cssClass, idPrefix, currentList, isEnabledList)
html += items.map(function (u) {
const isChecked = isEnabledList ? currentList.indexOf(u.Id) != -1 : currentList.indexOf(u.Id) == -1;
const checkedHtml = isChecked ? ' checked="checked"' : '';
return '<label><input is="emby-checkbox" class="' + cssClass + '" type="checkbox" data-itemid="' + u.Id + '"' + checkedHtml + '/><span>' + u.Name + '</span></label>';
return '<label><input is="emby-checkbox" class="' + cssClass + '" type="checkbox" data-itemid="' + u.Id + '"' + checkedHtml + '/><span>' + escapeHtml(u.Name) + '</span></label>';
}).join('');
html += '</div>';
elem.html(html).trigger('create');
@ -37,7 +38,7 @@ function reload(page) {
$('.monitorUsers', page).hide();
}
$('.notificationType', page).html(typeInfo.Name || 'Unknown Notification');
$('.notificationType', page).html(escapeHtml(typeInfo.Name) || 'Unknown Notification');
if (!notificationConfig) {
notificationConfig = {

2
src/controllers/dashboard/users/userpasswordpage.js
View file

@ -13,7 +13,7 @@ import confirm from '../../../components/confirm/confirm';
ApiClient.getUser(userid).then(function (user) {
Dashboard.getCurrentUser().then(function (loggedInUser) {
libraryMenu.setTitle(user.Name);
page.querySelector('.username').innerHTML = user.Name;
page.querySelector('.username').innerText = user.Name;
let showPasswordSection = true;
let showLocalAccessSection = false;

47
src/controllers/itemDetails/index.js
View file

@ -1,4 +1,5 @@
import { intervalToDuration } from 'date-fns';
import escapeHtml from 'escape-html';
import { appHost } from '../../components/apphost';
import loading from '../../components/loading/loading';
import { appRouter } from '../../components/appRouter';
@ -211,7 +212,7 @@ function renderTrackSelections(page, instance, item, forceReload) {
const selectedId = mediaSources[0].Id;
select.innerHTML = mediaSources.map(function (v) {
const selected = v.Id === selectedId ? ' selected' : '';
return '<option value="' + v.Id + '"' + selected + '>' + v.Name + '</option>';
return '<option value="' + v.Id + '"' + selected + '>' + escapeHtml(v.Name) + '</option>';
}).join('');
if (mediaSources.length > 1) {
@ -415,7 +416,7 @@ function getArtistLinksHtml(artists, serverId, context) {
itemType: 'MusicArtist',
serverId: serverId
});
html.push('<a style="color:inherit;" class="button-link" is="emby-linkbutton" href="' + href + '">' + artist.Name + '</a>');
html.push('<a style="color:inherit;" class="button-link" is="emby-linkbutton" href="' + href + '">' + escapeHtml(artist.Name) + '</a>');
}
return html.join(' / ');
@ -438,21 +439,21 @@ function renderName(item, container, context) {
parentNameHtml.push(getArtistLinksHtml(item.ArtistItems, item.ServerId, context));
parentNameLast = true;
} else if (item.SeriesName && item.Type === 'Episode') {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeriesId}" data-serverid="${item.ServerId}" data-type="Series" data-isfolder="true">${item.SeriesName}</a>`);
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeriesId}" data-serverid="${item.ServerId}" data-type="Series" data-isfolder="true">${escapeHtml(item.SeriesName)}</a>`);
} else if (item.IsSeries || item.EpisodeTitle) {
parentNameHtml.push(item.Name);
parentNameHtml.push(escapeHtml(item.Name));
}
if (item.SeriesName && item.Type === 'Season') {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeriesId}" data-serverid="${item.ServerId}" data-type="Series" data-isfolder="true">${item.SeriesName}</a>`);
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeriesId}" data-serverid="${item.ServerId}" data-type="Series" data-isfolder="true">${escapeHtml(item.SeriesName)}</a>`);
} else if (item.ParentIndexNumber != null && item.Type === 'Episode') {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeasonId}" data-serverid="${item.ServerId}" data-type="Season" data-isfolder="true">${item.SeasonName}</a>`);
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeasonId}" data-serverid="${item.ServerId}" data-type="Season" data-isfolder="true">${escapeHtml(item.SeasonName)}</a>`);
} else if (item.ParentIndexNumber != null && item.IsSeries) {
parentNameHtml.push(item.SeasonName || 'S' + item.ParentIndexNumber);
parentNameHtml.push(escapeHtml(item.SeasonName) || 'S' + item.ParentIndexNumber);
} else if (item.Album && item.AlbumId && (item.Type === 'MusicVideo' || item.Type === 'Audio')) {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.AlbumId}" data-serverid="${item.ServerId}" data-type="MusicAlbum" data-isfolder="true">${item.Album}</a>`);
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.AlbumId}" data-serverid="${item.ServerId}" data-type="MusicAlbum" data-isfolder="true">${escapeHtml(item.Album)}</a>`);
} else if (item.Album) {
parentNameHtml.push(item.Album);
parentNameHtml.push(escapeHtml(item.Album));
}
// FIXME: This whole section needs some refactoring, so it becames easier to scale across all form factors. See GH #1022
@ -473,9 +474,9 @@ function renderName(item, container, context) {
}
}
const name = itemHelper.getDisplayName(item, {
const name = escapeHtml(itemHelper.getDisplayName(item, {
includeParentInfo: false
});
}));
if (html && !parentNameLast) {
if (tvSeasonHtml) {
@ -490,7 +491,7 @@ function renderName(item, container, context) {
}
if (item.OriginalTitle && item.OriginalTitle != item.Name) {
html += '<h4 class="itemName infoText originalTitle">' + item.OriginalTitle + '</h4>';
html += '<h4 class="itemName infoText originalTitle">' + escapeHtml(item.OriginalTitle) + '</h4>';
}
container.innerHTML = html;
@ -667,7 +668,7 @@ function reloadFromItem(instance, page, params, item, user) {
location = `<a is="emby-linkbutton" class="button-link textlink" target="_blank" href="https://www.openstreetmap.org/search?query=${encodeURIComponent(location)}">${location}</a>`;
}
itemBirthLocation.classList.remove('hide');
itemBirthLocation.innerHTML = globalize.translate('BirthPlaceValue', location);
itemBirthLocation.innerText = globalize.translate('BirthPlaceValue', location);
} else {
itemBirthLocation.classList.add('hide');
}
@ -947,7 +948,7 @@ function renderGenres(page, item, context = inferContext(item)) {
Id: p.Id
}, {
context: context
}) + '">' + p.Name + '</a>';
}) + '">' + escapeHtml(p.Name) + '</a>';
}).join(', ');
const genresLabel = page.querySelector('.genresLabel');
@ -976,7 +977,7 @@ function renderWriter(page, item, context) {
Id: person.Id
}, {
context: context
}) + '">' + person.Name + '</a>';
}) + '">' + escapeHtml(person.Name) + '</a>';
}).join(', ');
const writersLabel = page.querySelector('.writersLabel');
@ -1005,7 +1006,7 @@ function renderDirector(page, item, context) {
Id: person.Id
}, {
context: context
}) + '">' + person.Name + '</a>';
}) + '">' + escapeHtml(person.Name) + '</a>';
}).join(', ');
const directorsLabel = page.querySelector('.directorsLabel');
@ -1058,7 +1059,7 @@ function renderTagline(page, item) {
if (item.Taglines && item.Taglines.length) {
taglineElement.classList.remove('hide');
taglineElement.innerHTML = item.Taglines[0];
taglineElement.innerText = item.Taglines[0];
} else {
taglineElement.classList.add('hide');
}
@ -1125,7 +1126,7 @@ function renderMoreFromSeason(view, item, apiClient) {
}
section.classList.remove('hide');
section.querySelector('h2').innerHTML = globalize.translate('MoreFromValue', item.SeasonName);
section.querySelector('h2').innerText = globalize.translate('MoreFromValue', item.SeasonName);
const itemsContainer = section.querySelector('.itemsContainer');
cardBuilder.buildCards(result.Items, {
parentContainer: section,
@ -1184,9 +1185,9 @@ function renderMoreFromArtist(view, item, apiClient) {
section.classList.remove('hide');
if (item.Type === 'MusicArtist') {
section.querySelector('h2').innerHTML = globalize.translate('HeaderAppearsOn');
section.querySelector('h2').innerText = globalize.translate('HeaderAppearsOn');
} else {
section.querySelector('h2').innerHTML = globalize.translate('MoreFromValue', item.AlbumArtists[0].Name);
section.querySelector('h2').innerText = globalize.translate('MoreFromValue', item.AlbumArtists[0].Name);
}
cardBuilder.buildCards(result.Items, {
@ -1276,7 +1277,7 @@ function renderSeriesAirTime(page, item, isStatic) {
}
if (item.Studios.length) {
if (isStatic) {
html += ' on ' + item.Studios[0].Name;
html += ' on ' + escapeHtml(item.Studios[0].Name);
} else {
const context = inferContext(item);
const href = appRouter.getRouteUrl(item.Studios[0], {
@ -1284,7 +1285,7 @@ function renderSeriesAirTime(page, item, isStatic) {
itemType: 'Studio',
serverId: item.ServerId
});
html += ' on <a class="textlink button-link" is="emby-linkbutton" href="' + href + '">' + item.Studios[0].Name + '</a>';
html += ' on <a class="textlink button-link" is="emby-linkbutton" href="' + href + '">' + escapeHtml(item.Studios[0].Name) + '</a>';
}
}
if (html) {
@ -1310,7 +1311,7 @@ function renderTags(page, item) {
}
if (tagElements.length) {
itemTags.innerHTML = globalize.translate('TagsValue', tagElements.join(', '));
itemTags.innerText = globalize.translate('TagsValue', tagElements.join(', '));
itemTags.classList.remove('hide');
} else {
itemTags.innerHTML = '';

3
src/controllers/movies/moviegenres.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import layoutManager from '../../components/layoutManager';
import loading from '../../components/loading/loading';
import libraryBrowser from '../../scripts/libraryBrowser';
@ -150,7 +151,7 @@ import '../../elements/emby-button/emby-button';
parentId: params.topParentId
}) + '" class="more button-flat button-flat-mini sectionTitleTextButton btnMoreFromGenre' + item.Id + '">';
html += '<h2 class="sectionTitle sectionTitle-cards">';
html += item.Name;
html += escapeHtml(item.Name);
html += '</h2>';
html += '<span class="material-icons hide chevron_right" aria-hidden="true"></span>';
html += '</a>';

4
src/controllers/movies/moviesrecommended.js
View file

@ -1,4 +1,4 @@
import escapeHtml from 'escape-html';
import { Events } from 'jellyfin-apiclient';
import layoutManager from '../../components/layoutManager';
import inputManager from '../../scripts/inputManager';
@ -127,7 +127,7 @@ import Dashboard from '../../scripts/clientUtils';
}
html += '<div class="verticalSection">';
html += '<h2 class="sectionTitle sectionTitle-cards padded-left">' + title + '</h2>';
html += '<h2 class="sectionTitle sectionTitle-cards padded-left">' + escapeHtml(title) + '</h2>';
const allowBottomPadding = true;
if (enableScrollX()) {

3
src/controllers/playback/video/index.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import { playbackManager } from '../../../components/playback/playbackmanager';
import SyncPlay from '../../../components/syncPlay/core';
import browser from '../../../scripts/browser';
@ -1236,7 +1237,7 @@ import { appRouter } from '../../../components/appRouter';
html += '<img class="chapterThumb" src="' + src + '" />';
html += '<div class="chapterThumbTextContainer">';
html += '<div class="chapterThumbText chapterThumbText-dim">';
html += chapter.Name;
html += escapeHtml(chapter.Name);
html += '</div>';
html += '<h2 class="chapterThumbText">';
html += datetime.getDisplayRunningTime(positionTicks);

3
src/controllers/session/selectServer/index.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import loading from '../../../components/loading/loading';
import { appRouter } from '../../../components/appRouter';
import layoutManager from '../../../components/layoutManager';
@ -71,7 +72,7 @@ import cardBuilder from '../../../components/cardbuilder/cardBuilder';
cardContainer += '</div>';
cardContainer += '</div>';
cardContainer += '<div class="cardFooter">';
cardContainer += '<div class="cardText cardTextCentered">' + item.name + '</div>';
cardContainer += '<div class="cardText cardTextCentered">' + escapeHtml(item.name) + '</div>';
cardContainer += '</div></div></button>';
return cardContainer;
}).join('');

3
src/controllers/shows/tvgenres.js
View file

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import layoutManager from '../../components/layoutManager';
import loading from '../../components/loading/loading';
import libraryBrowser from '../../scripts/libraryBrowser';
@ -148,7 +149,7 @@ import '../../elements/emby-button/emby-button';
parentId: params.topParentId
}) + '" class="more button-flat button-flat-mini sectionTitleTextButton btnMoreFromGenre' + item.Id + '">';
html += '<h2 class="sectionTitle sectionTitle-cards">';
html += item.Name;
html += escapeHtml(item.Name);
html += '</h2>';
html += '<span class="material-icons hide chevron_right" aria-hidden="true"></span>';
html += '</a>';

2
src/controllers/user/menu/index.js
View file

@ -55,7 +55,7 @@ export default function (view, params) {
console.debug('Failed to get QuickConnect status');
});
ApiClient.getUser(userId).then(function (user) {
page.querySelector('.headerUsername').innerHTML = user.Name;
page.querySelector('.headerUsername').innerText = user.Name;
if (user.Policy.IsAdministrator && !layoutManager.tv) {
page.querySelector('.adminSection').classList.remove('hide');
}

2
src/controllers/user/profile/index.js
View file

@ -12,7 +12,7 @@ function reloadUser(page) {
const userId = getParameterByName('userId');
loading.show();
ApiClient.getUser(userId).then(function (user) {
page.querySelector('.username').innerHTML = user.Name;
page.querySelector('.username').innerText = user.Name;
libraryMenu.setTitle(user.Name);
let imageUrl = 'assets/img/avatar.png';