d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-01-25 14:04:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #13537 from SeproDE/betterSanetizeRSS

Browse Source 
Place WebUI RSS description in sandboxed iframe
This commit is contained in:
Mike Tzou 2020-10-20 12:46:49 +08:00 committed by GitHub
commit b636bf4b2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/webui/www/private/views/rss.html
View File

@ -72,6 +72,11 @@
width: 100%; width: 100%;
} }
#rssDescription {
width: 100%;
border: none;
}
</style> </style>
<div id="rssView"> <div id="rssView">
@ -423,11 +428,15 @@
return torrentDate; return torrentDate;
})()); })());
// Strip script before interpreting html // Place in iframe with sandbox atribute to prevent js execution
let torrentDescription = document.createRange().createContextualFragment( let torrentDescription = document.createRange().createContextualFragment('<iframe sandbox id="rssDescription"></iframe>');
'<div id="rssTorrentDetailsDescription">' + article.description.stripScripts() + '</div>');
$('rssDetailsView').append(torrentDescription); $('rssDetailsView').append(torrentDescription);
document.getElementById('rssDescription').srcdoc = '<html><head><link rel="stylesheet" type="text/css" href="css/style.css" /></head><body>' + article.description + "</body></html>";
//calculate height to fill screen
document.getElementById('rssDescription').style.height =
"calc(100% - " + document.getElementById('rssTorrentDetailsName').offsetHeight + "px - " +
document.getElementById('rssTorrentDetailsDate').offsetHeight + "px - 5px)";
} }
}; };