Browse Source

Use proper method for manipulating text

`innerText` is too powerful for the job here, use a more
restricted/secure way to manipulate text.

Related: #17211.
PR #17212.
adaptive-webui-19844
Chocobo1 3 years ago committed by GitHub
parent
commit
3dd616f6ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      src/webui/www/private/scripts/download.js
  2. 4
      src/webui/www/private/views/preferences.html
  3. 6
      src/webui/www/private/views/rssDownloader.html
  4. 4
      src/webui/www/public/scripts/login.js

2
src/webui/www/private/scripts/download.js

@ -106,7 +106,7 @@ window.qBittorrent.Download = (function() { @@ -106,7 +106,7 @@ window.qBittorrent.Download = (function() {
}
else {
item.nextElementSibling.hidden = true;
const text = item.options[item.selectedIndex].innerHTML;
const text = item.options[item.selectedIndex].textContent;
item.nextElementSibling.value = text;
if ($('autoTMM').selectedIndex == 1) {

4
src/webui/www/private/views/preferences.html

@ -1374,7 +1374,7 @@ @@ -1374,7 +1374,7 @@
}
else {
item.nextElementSibling.hidden = true;
const text = item.options[item.selectedIndex].innerHTML;
const text = item.options[item.selectedIndex].textContent;
item.nextElementSibling.value = text;
}
};
@ -1397,7 +1397,7 @@ @@ -1397,7 +1397,7 @@
$('cb_watch_' + pos).setProperty('value', sel);
if (disableInput) {
const elt = $('cb_watch_' + pos);
other = elt.options[elt.selectedIndex].innerHTML;
other = elt.options[elt.selectedIndex].textContent;
}
$('cb_watch_txt_' + pos).setProperty('value', other);

6
src/webui/www/private/views/rssDownloader.html

@ -682,7 +682,7 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also @@ -682,7 +682,7 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
$('savetoDifferentDir').checked = false;
$('saveToText').value = '';
$('ignoreDaysValue').value = 0;
$('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
$('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
$('addPausedCombobox').value = 'default';
$('contentLayoutCombobox').value = 'Default';
rssDownloaderFeedSelectionTable.clear();
@ -724,10 +724,10 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also @@ -724,10 +724,10 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
if (rulesList[ruleName].lastMatch !== '') {
let timeDiffInMs = new Date().getTime() - new Date(rulesList[ruleName].lastMatch).getTime();
let daysAgo = Math.floor(timeDiffInMs / (1000 * 60 * 60 * 24)).toString();
$('lastMatchText').innerHTML = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo);
$('lastMatchText').textContent = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo);
}
else {
$('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
$('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
}
if (rulesList[ruleName].addPaused === null)

4
src/webui/www/public/scripts/login.js

@ -48,11 +48,11 @@ function submitLoginForm() { @@ -48,11 +48,11 @@ function submitLoginForm() {
if ((xhr.status === 200) && (xhr.responseText === "Ok."))
location.reload(true);
else
errorMsgElement.innerHTML = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]';
errorMsgElement.textContent = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]';
}
});
xhr.addEventListener('error', function() {
errorMsgElement.innerHTML = (xhr.responseText !== "")
errorMsgElement.textContent = (xhr.responseText !== "")
? xhr.responseText
: 'QBT_TR(Unable to log in, qBittorrent is probably unreachable.)QBT_TR[CONTEXT=HttpServer]';
});

Loading…
Cancel
Save