#541 feat: Add DOMPurify to sanitize URL in mediaMain.html

kagemomiji · Jul 16, 2024 · 4690937 · 4690937
1 parent edd4840
commit 4690937
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/airsonic-main/src/main/resources/templates/mediaMain.html b/airsonic-main/src/main/resources/templates/mediaMain.html
@@ -829,7 +829,8 @@
         feather.replace();
         <!-- add title to feather icons-->
         Array.from(document.querySelectorAll('svg.feather[title]')).forEach((element) => {
-           element.insertAdjacentHTML('afterbegin', `<title>${element.attributes.title.value}</title>`);
+           const title = DOMPurify.sanitize(element.attributes.title.value);
+           element.insertAdjacentHTML('afterbegin', '<title>' + title  + '</title>');
         });
     }
 
@@ -921,7 +922,8 @@
             $("#starMediaDir").empty().append(feather.icons.star.toSvg({title: svgTitle}));
         }
         Array.from(document.querySelectorAll('#starMediaDir svg.feather[title]')).forEach((element) => {
-           element.insertAdjacentHTML('afterbegin', `<title>${element.attributes.title.value}</title>`);
+            const title = DOMPurify.sanitize(element.attributes.title.value);
+            element.insertAdjacentHTML('afterbegin', '<title>' + title + '</title>');
         });
     }