Fix to do more filtering for unsafe content

webmin · Aug 2, 2023 · 71018f8 · 71018f8
1 parent 6d6ffdd
commit 71018f8
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 3 deletions.
diff --git a/extensions/file-manager/file-manager.min.js b/extensions/file-manager/file-manager.min.js
diff --git a/extensions/file-manager/file-manager.min.js.gz b/extensions/file-manager/file-manager.min.js.gz
diff --git a/navigation-lib.pl b/navigation-lib.pl
@@ -479,7 +479,7 @@ sub nav_cat_link
     $link = "/$link" if (!$external_link && $link !~ /^\//);
     $rv   = '<li data-linked' . ($hidden && ' class="hidden"') . '>' . "\n";
     $rv .= '<a' . ($hidden && ' data-parent-hidden') . ' href="' .
-      ($external_link ? $link : "$theme_webprefix$link") . '"> ' . $label . '</a>' . "\n";
+      ($external_link ? $link : "$theme_webprefix$link") . '"> ' . &filter_javascript($label) . '</a>' . "\n";
     $rv .= "</li>\n";
     return $rv;
 }
@@ -558,7 +558,7 @@ sub nav_cat
         # Show link to close or open catgory
         $rv = "<li class=\"has-sub\">\n";
         $rv .= "<a data-has-sub-link href=\"#$c\">";
-        $rv .= "<i class=\"fa $icon fa-fw\"></i> <span>$label</span></a>\n";
+        $rv .= "<i class=\"fa $icon fa-fw\"></i> <span>@{[&filter_javascript($label)]}</span></a>\n";
         $rv .= '</li>' . "\n";
         return $rv;
     }

diff --git a/unauthenticated/js/bundle.min.js.gz b/unauthenticated/js/bundle.min.js.gz