
Use proper method for manipulating text

`innerText` is too powerful for the job here, use a more
restricted/secure way to manipulate text.

Related: #17211.
PR #17212.
adaptive-webui-19844
Chocobo1 2 years ago committed by GitHub
parent
commit
3dd616f6ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      src/webui/www/private/scripts/download.js
  2. 4
      src/webui/www/private/views/preferences.html
  3. 6
      src/webui/www/private/views/rssDownloader.html
  4. 4
      src/webui/www/public/scripts/login.js

2
src/webui/www/private/scripts/download.js

@ -106,7 +106,7 @@ window.qBittorrent.Download = (function() {
} }
else { else {
item.nextElementSibling.hidden = true; item.nextElementSibling.hidden = true;
const text = item.options[item.selectedIndex].innerHTML; const text = item.options[item.selectedIndex].textContent;
item.nextElementSibling.value = text; item.nextElementSibling.value = text;
if ($('autoTMM').selectedIndex == 1) { if ($('autoTMM').selectedIndex == 1) {
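Review bot: The lookup `item.options[item.selectedIndex]` is dereferenced without a check for `selectedIndex === -1`, so `.textContent` would throw when no option is selected. The same pattern appears in both hunks of preferences.html, and the second one looks the most exposed because the select's value is set to `sel` just before the lookup; if `sel` matches no option the index may end up at -1 (inferred, the option list is not visible here). A guard such as `const opt = item.options[item.selectedIndex];` followed by `const text = opt ? opt.textContent : '';` would keep the handler from aborting. The enclosing function starts and ends outside this hunk.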

4
src/webui/www/private/views/preferences.html

@ -1374,7 +1374,7 @@
} }
else { else {
item.nextElementSibling.hidden = true; item.nextElementSibling.hidden = true;
const text = item.options[item.selectedIndex].innerHTML; const text = item.options[item.selectedIndex].textContent;
item.nextElementSibling.value = text; item.nextElementSibling.value = text;
} }
}; };
@ -1397,7 +1397,7 @@
$('cb_watch_' + pos).setProperty('value', sel); $('cb_watch_' + pos).setProperty('value', sel);
if (disableInput) { if (disableInput) {
const elt = $('cb_watch_' + pos); const elt = $('cb_watch_' + pos);
other = elt.options[elt.selectedIndex].innerHTML; other = elt.options[elt.selectedIndex].textContent;
} }
$('cb_watch_txt_' + pos).setProperty('value', other); $('cb_watch_txt_' + pos).setProperty('value', other);

6
src/webui/www/private/views/rssDownloader.html

@ -682,7 +682,7 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
$('savetoDifferentDir').checked = false; $('savetoDifferentDir').checked = false;
$('saveToText').value = ''; $('saveToText').value = '';
$('ignoreDaysValue').value = 0; $('ignoreDaysValue').value = 0;
$('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]'; $('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
$('addPausedCombobox').value = 'default'; $('addPausedCombobox').value = 'default';
$('contentLayoutCombobox').value = 'Default'; $('contentLayoutCombobox').value = 'Default';
rssDownloaderFeedSelectionTable.clear(); rssDownloaderFeedSelectionTable.clear();
@ -724,10 +724,10 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
if (rulesList[ruleName].lastMatch !== '') { if (rulesList[ruleName].lastMatch !== '') {
let timeDiffInMs = new Date().getTime() - new Date(rulesList[ruleName].lastMatch).getTime(); let timeDiffInMs = new Date().getTime() - new Date(rulesList[ruleName].lastMatch).getTime();
let daysAgo = Math.floor(timeDiffInMs / (1000 * 60 * 60 * 24)).toString(); let daysAgo = Math.floor(timeDiffInMs / (1000 * 60 * 60 * 24)).toString();
$('lastMatchText').innerHTML = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo); $('lastMatchText').textContent = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo);
} }
else { else {
$('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]'; $('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
} }
if (rulesList[ruleName].addPaused === null) if (rulesList[ruleName].addPaused === null)
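Review bot: The `lastMatch` branch only rules out the empty string, so a value that `Date` cannot parse would make `timeDiffInMs` NaN and the label would read "Last Match: NaN days ago". Whether the server can send such a value is not visible in this hunk, but the check is cheap: wrap the assignment in `if (!Number.isNaN(timeDiffInMs))` and fall back to the "Last Match: Unknown" string otherwise. `timeDiffInMs` and `daysAgo` are not reassigned in the visible lines and could be declared with `const`. The enclosing function begins and ends outside the hunk.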

4
src/webui/www/public/scripts/login.js

@ -48,11 +48,11 @@ function submitLoginForm() {
if ((xhr.status === 200) && (xhr.responseText === "Ok.")) if ((xhr.status === 200) && (xhr.responseText === "Ok."))
location.reload(true); location.reload(true);
else else
errorMsgElement.innerHTML = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]'; errorMsgElement.textContent = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]';
} }
}); });
xhr.addEventListener('error', function() { xhr.addEventListener('error', function() {
errorMsgElement.innerHTML = (xhr.responseText !== "") errorMsgElement.textContent = (xhr.responseText !== "")
? xhr.responseText ? xhr.responseText
: 'QBT_TR(Unable to log in, qBittorrent is probably unreachable.)QBT_TR[CONTEXT=HttpServer]'; : 'QBT_TR(Unable to log in, qBittorrent is probably unreachable.)QBT_TR[CONTEXT=HttpServer]';
}); });
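Review bot: The `error` listener is the only place in this hunk where server-supplied text (`xhr.responseText`) is written into the page, and nothing records why it must go through `textContent`. A short comment above the assignment would keep a later edit from reverting it: `// responseText comes from the server; assign via textContent so it is never parsed as HTML`. Separately, on an XHR `error` event `responseText` is normally empty, so the first arm of the conditional is probably rarely taken; it is worth confirming whether the server message was meant to be shown from the `load` handler instead. `submitLoginForm` starts before the hunk and its end is not shown.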
