From 9cf57574fb8eaac0a145606e636a4867ae10d1aa Mon Sep 17 00:00:00 2001
From: nielsvanvelzen <nielsvanvelzen@users.noreply.github.com>
Date: Sat, 25 May 2024 11:50:39 -0400
Subject: [PATCH] Backport pull request #5563 from jellyfin-web/release-10.9.z

Fix chapter name XSS injection in progress bar

Original-merge: 7eb54e029f2316caf893126e9647a03165b10e84

Merged-by: thornbill <thornbill@users.noreply.github.com>

Backported-by: Joshua M. Boniface <joshua@boniface.me>
---
 src/controllers/playback/video/index.js |  1 -
 src/elements/emby-slider/emby-slider.js | 19 ++-----------------
 2 files changed, 2 insertions(+), 18 deletions(-)

diff --git a/src/controllers/playback/video/index.js b/src/controllers/playback/video/index.js
index 6fa5798f79..7732537b09 100644
--- a/src/controllers/playback/video/index.js
+++ b/src/controllers/playback/video/index.js
@@ -1843,7 +1843,6 @@ export default function (view) {
         if (item?.Chapters?.length) {
             item.Chapters.forEach(currentChapter => {
                 markers.push({
-                    className: 'chapterMarker',
                     name: currentChapter.Name,
                     progress: currentChapter.StartPositionTicks / item.RunTimeTicks
                 });
diff --git a/src/elements/emby-slider/emby-slider.js b/src/elements/emby-slider/emby-slider.js
index 2854a9dd09..512fb5bfe4 100644
--- a/src/elements/emby-slider/emby-slider.js
+++ b/src/elements/emby-slider/emby-slider.js
@@ -203,28 +203,13 @@ function setMarker(range, valueMarker, marker, valueProgress) {
 }
 
 function updateMarkers(range, currentValue) {
-    function getMarkerHtml(markerInfo) {
-        let markerTypeSpecificClasses = '';
-
-        if (markerInfo.className === 'chapterMarker') {
-            markerTypeSpecificClasses = markerInfo.className;
-
-            if (typeof markerInfo.name === 'string' && markerInfo.name.length) {
-                // limit the class length in case the name contains half a novel
-                markerTypeSpecificClasses = `${markerInfo.className} marker-${markerInfo.name.substring(0, 100).toLowerCase().replace(' ', '-')}`;
-            }
-        }
-
-        return `<span class="material-icons sliderMarker ${markerTypeSpecificClasses}" aria-hidden="true"></span>`;
-    }
-
     if (range.getMarkerInfo) {
         range.markerInfo = range.getMarkerInfo();
 
         range.markerContainerElement.innerHTML = '';
 
-        range.markerInfo.forEach(info => {
-            range.markerContainerElement.insertAdjacentHTML('beforeend', getMarkerHtml(info));
+        range.markerInfo.forEach(() => {
+            range.markerContainerElement.insertAdjacentHTML('beforeend', '<span class="sliderMarker" aria-hidden="true"></span>');
         });
 
         range.markerElements = range.markerContainerElement.querySelectorAll('.sliderMarker');