cotugno/jellyfin-web
2
Fork 0
mirror of https://github.com/jellyfin/jellyfin-web.git synced 2024-11-17 19:08:18 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3519 from dmitrylyzo/fix-escapehtml

Browse Source 
Escape HTML

(cherry picked from commit ef811e699c)
Signed-off-by: crobibero <cody@robibe.ro>
This commit is contained in:
Bill Thornton 2022-03-31 11:42:34 -04:00 committed by crobibero
parent a74ddbb5ca
commit 7ec51f111c
6 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/components/cardbuilder/cardBuilder.js
View File

@ -949,7 +949,7 @@ import ServerConnections from '../ServerConnections';
}, item.ChannelName));
} else {
lines.push(escapeHtml(item.ChannelName) || '&nbsp;');
lines.push(escapeHtml(item.ChannelName || '') || '&nbsp;');
}
}
@ -981,7 +981,7 @@ import ServerConnections from '../ServerConnections';
if (item.RecordAnyChannel) {
lines.push(globalize.translate('AllChannels'));
} else {
lines.push(escapeHtml(item.ChannelName) || globalize.translate('OneChannel'));
lines.push(escapeHtml(item.ChannelName || '') || globalize.translate('OneChannel'));
}
}

3
src/components/dashboard/users/CheckBoxListItem.tsx
View File

@ -1,3 +1,4 @@
import escapeHtml from 'escape-html';
import React, { FunctionComponent } from 'react';
type IProps = {
@ -17,7 +18,7 @@ const createCheckBoxElement = ({className, Name, dataAttributes, AppName, checke
class="${className}"
${dataAttributes} ${checkedAttribute}
/>
<span>${Name} ${AppName}</span>
<span>${escapeHtml(Name || '')} ${AppName}</span>
</label>`
});

2
src/components/directorybrowser/directorybrowser.js
View File

@ -267,7 +267,7 @@ class DirectoryBrowser {
html += '<div class="formDialogHeader">';
html += `<button is="paper-icon-button-light" class="btnCloseDialog autoSize" tabindex="-1" title="${globalize.translate('ButtonBack')}"><span class="material-icons arrow_back" aria-hidden="true"></span></button>`;
html += '<h3 class="formDialogHeaderTitle">';
html += escapeHtml(options.header) || globalize.translate('HeaderSelectPath');
html += escapeHtml(options.header || '') || globalize.translate('HeaderSelectPath');
html += '</h3>';
html += '</div>';
html += getEditorHtml(options, systemInfo);

2
src/components/itemidentifier/itemidentifier.js
View File

@ -246,7 +246,7 @@ import template from './itemidentifier.template.html';
} else {
html += '<div class="cardText cardText-secondary cardTextCentered">';
}
html += escapeHtml(lines[i]) || '&nbsp;';
html += escapeHtml(lines[i] || '') || '&nbsp;';
html += '</div>';
}

2
src/controllers/dashboard/notifications/notification/index.js
View File

@ -39,7 +39,7 @@ function reload(page) {
$('.monitorUsers', page).hide();
}
$('.notificationType', page).html(escapeHtml(typeInfo.Name) || 'Unknown Notification');
$('.notificationType', page).html(escapeHtml(typeInfo.Name || '') || 'Unknown Notification');
if (!notificationConfig) {
notificationConfig = {

2
src/controllers/itemDetails/index.js
View File

@ -450,7 +450,7 @@ function renderName(item, container, context) {
} else if (item.ParentIndexNumber != null && item.Type === 'Episode') {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.SeasonId}" data-serverid="${item.ServerId}" data-type="Season" data-isfolder="true">${escapeHtml(item.SeasonName)}</a>`);
} else if (item.ParentIndexNumber != null && item.IsSeries) {
parentNameHtml.push(escapeHtml(item.SeasonName) || 'S' + item.ParentIndexNumber);
parentNameHtml.push(escapeHtml(item.SeasonName || 'S' + item.ParentIndexNumber));
} else if (item.Album && item.AlbumId && (item.Type === 'MusicVideo' || item.Type === 'Audio')) {
parentNameHtml.push(`<a style="color:inherit;" class="button-link itemAction" is="emby-linkbutton" href="#" data-action="link" data-id="${item.AlbumId}" data-serverid="${item.ServerId}" data-type="MusicAlbum" data-isfolder="true">${escapeHtml(item.Album)}</a>`);
} else if (item.Album) {