squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-19 06:57:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

WebUI: migrate away from inline HTML code

Browse Source 
`innerHTML` &  `outerHTML` setter will more or less evaluate the value which could be used to
inject malicious code. So replace them with safer alternatives.

PR #21163.
This commit is contained in:
Chocobo1
2024-08-10 12:55:48 +08:00
committed by GitHub
parent 4570c0ef9e
commit 5afeecbf18
7 changed files with 201 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/webui/www/private/scripts/prop-webseeds.js
View File

@@ -63,7 +63,7 @@ window.qBittorrent.PropWebseeds ??= (() => {
updateRow: function(tr, row) {
const tds = tr.getElements("td");
for (let i = 0; i < row.length; ++i)
tds[i].innerHTML = row[i];
tds[i].textContent = row[i];
return true;
},
@@ -78,9 +78,9 @@ window.qBittorrent.PropWebseeds ??= (() => {
const tr = new Element("tr");
this.rows.set(url, tr);
for (let i = 0; i < row.length; ++i) {
const td = new Element("td");
td.innerHTML = row[i];
td.injectInside(tr);
const td = document.createElement("td");
td.textContent = row[i];
tr.appendChild(td);
}
tr.injectInside(this.table);
},