d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix encoding of special characters 

Special characters would get html encoded (& -> &amp;). This has been tested against several payloads (e.g. <script>alert(0)</script>) to ensure it's not vulnerable to XSS.
adaptive-webui-19844
Tom Piccirello 5 years ago committed by GitHub
parent
183db3475a
commit
368fbd9e7d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      src/webui/www/private/rename.html

2
src/webui/www/private/rename.html
Unescape View File

@ -33,7 +33,7 @@ @@ -33,7 +33,7 @@
var name = new URI().getData('name');
// set text field to current value
if (name)
$('rename').value = escapeHtml(decodeURIComponent(name));
$('rename').value = decodeURIComponent(name);
$('rename').focus();
$('renameButton').addEvent('click', function(e) {

Write Preview
Loading…
Cancel
Save