gilles/go2rtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sanitize from XSS to WebUI

Browse Source
This commit is contained in:
Alex X
2024-01-11 14:13:52 +03:00
parent ccec41a10f
commit 3b3d5b033a
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
www/index.html
+2 -1
View File
@@ -124,7 +124,8 @@
fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => { fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => {
tbody.innerHTML = ''; tbody.innerHTML = '';
for (const [name, value] of Object.entries(data)) { for (const [key, value] of Object.entries(data)) {
const name = key.replace(/[<">]/g, ''); // sanitize
const online = value && value.consumers ? value.consumers.length : 0; const online = value && value.consumers ? value.consumers.length : 0;
const src = encodeURIComponent(name); const src = encodeURIComponent(name);
const links = templates.map(link => { const links = templates.map(link => {
www/links.html
+1 -1
View File
@@ -43,7 +43,7 @@
<script src="main.js"></script> <script src="main.js"></script>
<div id="links"></div> <div id="links"></div>
<script> <script>
const src = new URLSearchParams(location.search).get('src'); const src = new URLSearchParams(location.search).get('src').replace(/[<">]/g, ''); // sanitize
document.getElementById('links').innerHTML = ` document.getElementById('links').innerHTML = `
<h2>Any codec in source</h2> <h2>Any codec in source</h2>