mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Merge pull request #3601 from thornbill/fix-repositories-xss

Browse source
This commit is contained in:
Joshua M. Boniface 2022-04-27 12:37:16 -04:00 committed by GitHub
commit bc0288e57f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 45 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

65
src/controllers/dashboard/plugins/repositories/index.js
View file

@ -42,39 +42,64 @@ function saveList(page) {
} }
function populateList(options) { function populateList(options) {
let html = ''; const paperList = document.createElement('div');
paperList.className = 'paperList';
html += '<div class="paperList">'; options.repositories.forEach(repo => {
for (let i = 0; i < options.repositories.length; i++) { paperList.appendChild(getRepositoryElement(repo));
html += getRepositoryHtml(options.repositories[i]); });
}
html += '</div>';
if (!options.repositories.length) { if (!options.repositories.length) {
options.noneElement.classList.remove('hide'); options.noneElement.classList.remove('hide');
} else { } else {
options.noneElement.classList.add('hide'); options.noneElement.classList.add('hide');
} }
options.listElement.innerHTML = html; options.listElement.innerHTML = '';
options.listElement.appendChild(paperList);
loading.hide(); loading.hide();
} }
function getRepositoryHtml(repository) { function getRepositoryElement(repository) {
let html = ''; const listItem = document.createElement('div');
listItem.className = 'listItem listItem-border';
html += '<div class="listItem listItem-border">'; const repoLink = document.createElement('a');
html += `<a is="emby-linkbutton" style="margin:0;padding:0" class="clearLink listItemIconContainer" href="${repository.Url}" rel="noopener noreferrer" target="_blank">`; repoLink.setAttribute('is', 'emby-linkbutton');
html += '<span class="material-icons listItemIcon open_in_new" aria-hidden="true"></span>'; repoLink.className = 'clearLink listItemIconContainer';
html += '</a>'; repoLink.style.margin = '0';
html += '<div class="listItemBody two-line">'; repoLink.style.padding = '0';
html += `<h3 class="listItemBodyText">${repository.Name}</h3>`; repoLink.rel = 'noopener noreferrer';
html += `<div class="listItemBodyText secondary">${repository.Url}</div>`; repoLink.target = '_blank';
html += '</div>'; repoLink.href = repository.Url;
html += `<button type="button" is="paper-icon-button-light" id="${repository.Url}" class="btnDelete" title="${globalize.translate('Delete')}"><span class="material-icons delete" aria-hidden="true"></span></button>`; repoLink.innerHTML = '<span class="material-icons listItemIcon open_in_new" aria-hidden="true"></span>';
html += '</div>'; listItem.appendChild(repoLink);
return html; const body = document.createElement('div');
body.className = 'listItemBody two-line';
const name = document.createElement('h3');
name.className = 'listItemBodyText';
name.innerText = repository.Name;
body.appendChild(name);
const url = document.createElement('div');
url.className = 'listItemBodyText secondary';
url.innerText = repository.Url;
body.appendChild(url);
listItem.appendChild(body);
const button = document.createElement('button');
button.type = 'button';
button.setAttribute('is', 'paper-icon-button-light');
button.className = 'btnDelete';
button.id = repository.Url;
button.title = globalize.translate('Delete');
button.innerHTML = '<span class="material-icons delete" aria-hidden="true"></span>';
listItem.appendChild(button);
return listItem;
} }
function getTabs() { function getTabs() {