🔒 Fix XSS where using zip feature (#254)
This commit is contained in:
Luc Didry
parent
41722d9161
commit
e32ef3685f
|
|
@ -4,6 +4,7 @@ Revision history for Lufi
|
|||
- 🐛 Fix mail signature separator
|
||||
- 💄 Disable signature when using LDAP (#249)
|
||||
- 🌐 Update translations
|
||||
- 🔒 Fix XSS where using zip feature (#254)
|
||||
|
||||
0.05.14 2021-06-16
|
||||
- 🔧 Set default morbo port to 3000 (as it should have stay)
|
||||
|
|
|
|||
|
|
@ -145,9 +145,9 @@ function spawnWebsocket(pa) {
|
|||
zip.forEach(function (relativePath, zipEntry) {
|
||||
innerHTML.push(
|
||||
'<li>',
|
||||
zipEntry.name,
|
||||
escapeHtml(zipEntry.name),
|
||||
' (', filesize(zipEntry._data.uncompressedSize, {base: 10}), ') ',
|
||||
'<a href="#" download="', zipEntry.name, '" class="download-zip-content" title="', i18n.download, '">',
|
||||
'<a href="#" download="', escapeHtml(zipEntry.name), '" class="download-zip-content" title="', i18n.download, '">',
|
||||
'<i class="mdi-file-file-download"></i>',
|
||||
'</a>',
|
||||
'</li>'
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ function firstViewClicking() {
|
|||
}
|
||||
|
||||
// When clicking on zip checkbox
|
||||
function zipClicking () {
|
||||
function zipClicking() {
|
||||
if ($('#zip-files').attr('data-checked') && $('#zip-files').attr('data-checked') === 'data-checked') {
|
||||
window.zipSize = 0;
|
||||
window.zip = null;
|
||||
|
|
@ -249,7 +249,7 @@ function handleFiles(f) {
|
|||
$('#zip-size').text(filesize(window.zipSize));
|
||||
$('#zip-parts').append([
|
||||
'<li>',
|
||||
'— ', filename, ' (', filesize(element.size), ')',
|
||||
'— ', escapeHtml(filename), ' (', filesize(element.size), ')',
|
||||
'</li>'
|
||||
].join(''));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue