mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
Fix potential cross-site scripting vulnerability in plugins.js in the UI
This commit is contained in:
parent
ece5ce1cdf
commit
c0816bb119
1 changed files with 2 additions and 1 deletions
|
@ -333,9 +333,10 @@ class Upload {
|
|||
: (fileSize = (loaded / (1024 * 1024)).toFixed(2) + " MB");
|
||||
|
||||
const progressHTML = this.fileLoad(name, fileSize);
|
||||
let cleanHTML = DOMPurify.sanitize(progressHTML);
|
||||
|
||||
this.uploadedArea.classList.add("onprogress");
|
||||
this.progressArea.innerHTML = progressHTML;
|
||||
this.progressArea.innerHTML = cleanHTML;
|
||||
});
|
||||
|
||||
xhr.addEventListener("readystatechange", () => {
|
||||
|
|
Loading…
Reference in a new issue