mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00

Fix chapter name XSS injection in progress bar

Niels van Velzen 2024-05-20 11:27:57 +02:00
parent a806eeb3a7
commit b8a7cf214d
2 changed files with 2 additions and 18 deletions


@ -203,28 +203,13 @@ function setMarker(range, valueMarker, marker, valueProgress) {
}
function updateMarkers(range, currentValue) {
function getMarkerHtml(markerInfo) {
let markerTypeSpecificClasses = '';
if (markerInfo.className === 'chapterMarker') {
markerTypeSpecificClasses = markerInfo.className;
if (typeof markerInfo.name === 'string' && markerInfo.name.length) {
// limit the class length in case the name contains half a novel
markerTypeSpecificClasses = `${markerInfo.className} marker-${markerInfo.name.substring(0, 100).toLowerCase().replace(' ', '-')}`;
}
}
return `<span class="material-icons sliderMarker ${markerTypeSpecificClasses}" aria-hidden="true"></span>`;
}
if (range.getMarkerInfo) {
range.markerInfo = range.getMarkerInfo();
range.markerContainerElement.innerHTML = '';
range.markerInfo.forEach(info => {
range.markerContainerElement.insertAdjacentHTML('beforeend', getMarkerHtml(info));
range.markerInfo.forEach(() => {
range.markerContainerElement.insertAdjacentHTML('beforeend', '<span class="sliderMarker" aria-hidden="true"></span>');
});
range.markerElements = range.markerContainerElement.querySelectorAll('.sliderMarker');
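Review bot: The new `forEach` callback in `updateMarkers` still creates each marker with `insertAdjacentHTML`, which is safe only because the string is now a constant, and nothing in the code records why the chapter name was removed from the markup. The removed `getMarkerHtml` interpolated `markerInfo.name` into the `class` attribute after only `substring`, `toLowerCase` and a single `replace`, so a name containing a double quote could close the attribute. I would add a comment above the loop such as `// Marker markup must stay a constant string: chapter names come from item metadata and must never be interpolated into HTML.` so that a later change does not reintroduce per-marker data here. Building the span with `document.createElement('span')` and setting `className` and `aria-hidden` on the node would remove the HTML-parsing sink entirely. The body of `updateMarkers` continues outside this hunk, so any later use of `range.markerInfo` entries is not visible here.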