Merge pull request #4657 from thornbill/subs-xss

Fix xss in custom subtitles element
Bill Thornton
2023-06-01 02:13:28 -04:00
committed by GitHub


@@ -1,3 +1,5 @@
import DOMPurify from 'dompurify';
import browser from '../../scripts/browser';
import { Events } from 'jellyfin-apiclient';
import { appHost } from '../../components/apphost';
@@ -1317,7 +1319,8 @@ function tryRemoveElement(elem) {
}
if (selectedTrackEvent && selectedTrackEvent.Text) {
subtitleTextElement.innerHTML = normalizeTrackEventText(selectedTrackEvent.Text, true);
subtitleTextElement.innerHTML = DOMPurify.sanitize(
normalizeTrackEventText(selectedTrackEvent.Text, true));
subtitleTextElement.classList.remove('hide');
} else {
subtitleTextElement.classList.add('hide');
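Review bot: The new `DOMPurify.sanitize(...)` call runs with the library's default profile, which removes script execution but still permits far more markup than a subtitle cue needs (for example `<img>`, `<a>` and `style` attributes), so an untrusted subtitle file could still trigger remote resource loads or restyle the overlay. Consider an explicit allowlist, e.g. `DOMPurify.sanitize(normalizeTrackEventText(selectedTrackEvent.Text, true), { ALLOWED_TAGS: ['b', 'i', 'u', 'br'], ALLOWED_ATTR: [] })`; the right tag list depends on what `normalizeTrackEventText` emits, which is not visible in this hunk. A short comment such as `// cue text comes from the subtitle file and is untrusted; sanitize before assigning to innerHTML` would help keep a later refactor from dropping the call. The enclosing function starts and ends outside this hunk.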