mirrors/jellyfin-web
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web synced 2025-03-30 19:56:21 +00:00
Code Activity

Merge pull request #3505 from dmitrylyzo/fix-html-escape

Browse source 
Fix HTML escaping
This commit is contained in:
Bill Thornton 2022-03-21 10:28:14 -04:00 committed by GitHub
commit e023448146
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/controllers/dashboard/dashboard.js
View file

@ -525,11 +525,11 @@ import confirm from '../../components/confirm/confirm';
const html = [];
if (session.UserId) {
html.push(session.UserName);
html.push(escapeHtml(session.UserName));
}
for (let i = 0, length = session.AdditionalUsers.length; i < length; i++) {
html.push(session.AdditionalUsers[i].UserName);
html.push(escapeHtml(session.AdditionalUsers[i].UserName));
}
return html.join(', ');
@ -577,7 +577,7 @@ import confirm from '../../components/confirm/confirm';
btnSessionPlayPauseIcon.classList.add(session.PlayState && session.PlayState.IsPaused ? 'play_arrow' : 'pause');
row.querySelector('.sessionNowPlayingTime').innerText = DashboardPage.getSessionNowPlayingTime(session);
row.querySelector('.sessionUserName').innerText = DashboardPage.getUsersHtml(session);
row.querySelector('.sessionUserName').innerHTML = DashboardPage.getUsersHtml(session);
row.querySelector('.sessionAppSecondaryText').innerText = DashboardPage.getAppSecondaryText(session);
const nowPlayingName = DashboardPage.getNowPlayingName(session);
const nowPlayingInfoElem = row.querySelector('.sessionNowPlayingInfo');