librewolf/bunkerized-nginx
4
0
Fork 1
mirror of https://github.com/bunkerity/bunkerized-nginx synced 2023-12-13 21:30:18 +01:00
Code Issues Projects Releases Wiki Activity

Fix potential cross-site scripting vulnerability in plugins.js in the UI

Browse source
This commit is contained in:
Théophile Diot 2023-09-28 11:41:22 +01:00
parent ece5ce1cdf
commit c0816bb119
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ui/static/js/plugins.js
View file

@ -333,9 +333,10 @@ class Upload {
: (fileSize = (loaded / (1024 * 1024)).toFixed(2) + " MB");
const progressHTML = this.fileLoad(name, fileSize);
let cleanHTML = DOMPurify.sanitize(progressHTML);
this.uploadedArea.classList.add("onprogress");
this.progressArea.innerHTML = progressHTML;
this.progressArea.innerHTML = cleanHTML;
});
xhr.addEventListener("readystatechange", () => {