more sanitization, just in case

jelveh · jelveh · commit 8cad610a54a1 · 2024-04-29T14:09:54.000-07:00
diff --git a/src/UI/UIWindowMoveProgress.js b/src/UI/UIWindowMoveProgress.js
@@ -22,7 +22,7 @@ import UIWindow from './UIWindow.js'
 // todo do this using uid rather than item_path, since item_path is way mroe expensive on the DB
 async function UIWindowMoveProgress(options){
     let h = '';
-    h += `<div data-move-operation-id="${options.operation_id}">`;
+    h += `<div data-move-operation-id="${html_encode(options.operation_id)}">`;
         h += `<div>`;
             // spinner
             h +=`<svg style="float:left; margin-right: 7px;" xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 24 24"><title>circle anim</title><g fill="#212121" class="nc-icon-wrapper"><g class="nc-loop-circle-24-icon-f"><path d="M12 24a12 12 0 1 1 12-12 12.013 12.013 0 0 1-12 12zm0-22a10 10 0 1 0 10 10A10.011 10.011 0 0 0 12 2z" fill="#212121" opacity=".4"></path><path d="M24 12h-2A10.011 10.011 0 0 0 12 2V0a12.013 12.013 0 0 1 12 12z" data-color="color-2"></path></g><style>.nc-loop-circle-24-icon-f{--animation-duration:0.5s;transform-origin:12px 12px;animation:nc-loop-circle-anim var(--animation-duration) infinite linear}@keyframes nc-loop-circle-anim{0%{transform:rotate(0)}100%{transform:rotate(360deg)}}</style></g></svg>`;
diff --git a/src/UI/UIWindowNewFolderProgress.js b/src/UI/UIWindowNewFolderProgress.js
@@ -22,7 +22,7 @@ import UIWindow from './UIWindow.js'
 // todo do this using uid rather than item_path, since item_path is way mroe expensive on the DB
 async function UIWindowNewFolderProgress(options){
     let h = '';
-    h += `<div data-newfolder-operation-id="${options.operation_id}">`;
+    h += `<div data-newfolder-operation-id="${html_encode(options.operation_id)}">`;
         h += `<div>`;
             // spinner
             h +=`<svg style="float:left; margin-right: 7px;" xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 24 24"><title>circle anim</title><g fill="#212121" class="nc-icon-wrapper"><g class="nc-loop-circle-24-icon-f"><path d="M12 24a12 12 0 1 1 12-12 12.013 12.013 0 0 1-12 12zm0-22a10 10 0 1 0 10 10A10.011 10.011 0 0 0 12 2z" fill="#212121" opacity=".4"></path><path d="M24 12h-2A10.011 10.011 0 0 0 12 2V0a12.013 12.013 0 0 1 12 12z" data-color="color-2"></path></g><style>.nc-loop-circle-24-icon-f{--animation-duration:0.5s;transform-origin:12px 12px;animation:nc-loop-circle-anim var(--animation-duration) infinite linear}@keyframes nc-loop-circle-anim{0%{transform:rotate(0)}100%{transform:rotate(360deg)}}</style></g></svg>`;
diff --git a/src/helpers.js b/src/helpers.js
@@ -667,7 +667,7 @@ window.update_auth_data = (auth_token, user)=>{
 
     // Has email changed?
     if(window.user?.email !== user.email && user.email){
-        $('.user-email').html(user.email);
+        $('.user-email').html(html_encode(user.email));
     }
 
     // update this session's user data

Original file line number	Diff line number	Diff line change
`@@ -667,7 +667,7 @@ window.update_auth_data = (auth_token, user)=>{`
`667`	`667`
`668`	`668`	`// Has email changed?`
`669`	`669`	`if(window.user?.email !== user.email && user.email){`
`670`		`- $('.user-email').html(user.email);`
	`670`	`+ $('.user-email').html(html_encode(user.email));`
`671`	`671`	`}`
`672`	`672`
`673`	`673`	`// update this session's user data`