Merge pull request #4269 from thornbill/fix-plugin-xss

Fix XSS vulnerability in plugin repo pages
2024-11-17 10:58:20 -07:00 · 2023-01-09 12:15:18 -05:00 · 2023-01-09 12:15:18 -05:00 · 21a3bae204
commit 21a3bae204
parent 96234eafb7 4bc0eebee0
2 changed files with 12 additions and 12 deletions
--- a/src/controllers/dashboard/plugins/add/index.js
+++ b/src/controllers/dashboard/plugins/add/index.js
@ -53,24 +53,24 @@ function renderPackage(pkg, installedPlugins, page) {
    populateVersions(pkg, page, installedPlugin);
    populateHistory(pkg, page);
-    $('.pluginName', page).html(pkg.name);
+    $('.pluginName', page).text(pkg.name);
    $('#btnInstallDiv', page).removeClass('hide');
    $('#pSelectVersion', page).removeClass('hide');
    if (pkg.overview) {
-        $('#overview', page).show().html(pkg.overview);
+        $('#overview', page).show().text(pkg.overview);
    } else {
        $('#overview', page).hide();
    }
-    $('#description', page).html(pkg.description);
+    $('#description', page).text(pkg.description);
-    $('#developer', page).html(pkg.owner);
+    $('#developer', page).text(pkg.owner);
    if (installedPlugin) {
        const currentVersionText = globalize.translate('MessageYouHaveVersionInstalled', '<strong>' + installedPlugin.Version + '</strong>');
-        $('#pCurrentVersion', page).show().html(currentVersionText);
+        $('#pCurrentVersion', page).show().text(currentVersionText);
    } else {
-        $('#pCurrentVersion', page).hide().html('');
+        $('#pCurrentVersion', page).hide().text('');
    }
    loading.hide();
--- a/src/controllers/dashboard/plugins/available/index.js
+++ b/src/controllers/dashboard/plugins/available/index.js
@ -1,3 +1,5 @@
 import escapeHTML from 'escape-html';
 import loading from '../../../../components/loading/loading';
 import libraryMenu from '../../../../scripts/libraryMenu';
 import globalize from '../../../../scripts/globalize';
@ -73,7 +75,7 @@ function populateList(options) {
                html += '</div>';
            }
            html += '<div class="verticalSection">';
-            html += '<h2 class="sectionTitle sectionTitle-cards">' + category + '</h2>';
+            html += '<h2 class="sectionTitle sectionTitle-cards">' + escapeHTML(category) + '</h2>';
            html += '<div class="itemsContainer vertical-wrap">';
            currentCategory = category;
        }
@ -107,7 +109,7 @@ function getPluginHtml(plugin, options, installedPlugins) {
    html += `<a class="cardImageContainer" is="emby-linkbutton" style="margin:0;padding:0" href="${href}" ${target}>`;
    if (plugin.imageUrl) {
-        html += `<img src="${plugin.imageUrl}" style="width:100%" />`;
+        html += `<img src="${escapeHTML(plugin.imageUrl)}" style="width:100%" />`;
    } else {
        html += `<div class="cardImage flex align-items-center justify-content-center ${cardBuilder.getDefaultBackgroundClass()}">`;
        html += '<span class="cardImageIcon material-icons extension" aria-hidden="true"></span>';
@ -119,11 +121,9 @@ function getPluginHtml(plugin, options, installedPlugins) {
    html += '</div>';
    html += '<div class="cardFooter">';
    html += "<div class='cardText'>";
-    html += plugin.name;
+    html += escapeHTML(plugin.name);
    html += '</div>';
-    const installedPlugin = installedPlugins.filter(function (ip) {
+    const installedPlugin = installedPlugins.find(installed => installed.Id === plugin.guid);
        return ip.Id == plugin.guid;
    })[0];
    html += "<div class='cardText cardText-secondary'>";
    html += installedPlugin ? globalize.translate('LabelVersionInstalled', installedPlugin.Version) : '&nbsp;';
    html += '</div>';