mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Sanitize HTML

Browse source
This commit is contained in:
Dmitry Lyzo 2022-01-30 18:29:40 +03:00
parent 59adbc348a
commit 8420d0fef2
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/components/dialog/dialog.js
View file

@ -1,3 +1,4 @@
import DOMPurify from 'dompurify';
import escapeHtml from 'escape-html';
import dialogHelper from '../dialogHelper/dialogHelper';
import dom from '../../scripts/dom';
@ -54,7 +55,7 @@ import template from './dialog.template.html';
}
const displayText = options.html || options.text || '';
dlg.querySelector('.text').innerHTML = displayText;
dlg.querySelector('.text').innerHTML = DOMPurify.sanitize(displayText);
if (!displayText) {
dlg.querySelector('.dialogContentInner').classList.add('hide');

3
src/controllers/itemDetails/index.js
View file

@ -1,4 +1,5 @@
import { intervalToDuration } from 'date-fns';
import DOMPurify from 'dompurify';
import escapeHtml from 'escape-html';
import { appHost } from '../../components/apphost';
import loading from '../../components/loading/loading';
@ -902,7 +903,7 @@ function renderOverview(page, item) {
const overviewElements = page.querySelectorAll('.overview');
if (overviewElements.length > 0) {
const overview = item.Overview || '';
const overview = DOMPurify.sanitize(item.Overview || '');
if (overview) {
for (const overviewElemnt of overviewElements) {