Add sanitize from XSS to WebUI

2024-01-11 14:13:52 +03:00
parent ccec41a10f
commit 3b3d5b033a
2 changed files with 3 additions and 2 deletions
@@ -124,7 +124,8 @@
        fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => {
            tbody.innerHTML = '';

-            for (const [name, value] of Object.entries(data)) {
+            for (const [key, value] of Object.entries(data)) {
+                const name = key.replace(/[<">]/g, ''); // sanitize
                const online = value && value.consumers ? value.consumers.length : 0;
                const src = encodeURIComponent(name);
                const links = templates.map(link => {
@@ -43,7 +43,7 @@
 <script src="main.js"></script>
 <div id="links"></div>
 <script>
-    const src = new URLSearchParams(location.search).get('src');
+    const src = new URLSearchParams(location.search).get('src').replace(/[<">]/g, ''); // sanitize

    document.getElementById('links').innerHTML = `
        <h2>Any codec in source</h2>