Skip to content

Commit

Permalink
Add sanitize from XSS to WebUI
Browse files Browse the repository at this point in the history
  • Loading branch information
AlexxIT committed Jan 11, 2024
1 parent ccec41a commit 3b3d5b0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion www/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,8 @@
fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => {
tbody.innerHTML = '';

for (const [name, value] of Object.entries(data)) {
for (const [key, value] of Object.entries(data)) {
const name = key.replace(/[<">]/g, ''); // sanitize
const online = value && value.consumers ? value.consumers.length : 0;
const src = encodeURIComponent(name);
const links = templates.map(link => {
Expand Down
2 changes: 1 addition & 1 deletion www/links.html
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
<script src="main.js"></script>
<div id="links"></div>
<script>
const src = new URLSearchParams(location.search).get('src');
const src = new URLSearchParams(location.search).get('src').replace(/[<">]/g, ''); // sanitize

document.getElementById('links').innerHTML = `
<h2>Any codec in source</h2>
Expand Down

0 comments on commit 3b3d5b0

Please sign in to comment.