WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions

fix(topbar-strip): escape pageName() output before innerHTML insertion

Browse source
This commit is contained in:
Zac Gaetano 2026-05-19 00:46:48 -04:00
parent 76b0a5e05e
commit 36f165807a
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
services/web-ui/public/js/topbar-strip.js
View file

@ -1,5 +1,9 @@
// Operator status strip mounted at the top of every .main pane.
(function () {
function esc(s) {
if (!s) return '';
return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
}
function mount() {
const main = document.querySelector('.main');
if (!main || main.querySelector('.topbar-strip')) return;
@ -11,7 +15,7 @@
'<span class="ts-now" id="tsNow">00:00:00</span>' +
'<span class="ts-sep"></span>' +
'<span class="ts-label">Page</span>' +
'<span class="ts-value" id="tsPage">' + pageName() + '</span>' +
'<span class="ts-value" id="tsPage">' + esc(pageName()) + '</span>' +
'<span class="ts-sep"></span>' +
'<span class="ts-label">API</span>' +
'<span class="ts-value" id="tsApi">--</span>';