HTML escape adlist URL before printing it in gravity stream

Co-authored-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: yubiuser <github@yubiuser.dev>
yubiuser
2025-04-14 16:21:21 +02:00
parent 6e60bc903c
commit b4af886192


@@ -5,7 +5,7 @@
* This file is copyright under the latest version of the EUPL.
* Please see LICENSE file for your rights under this license. */
/* global apiFailure:false */
/* global apiFailure:false, utils:false */
"use strict";
@@ -91,7 +91,8 @@ function parseLines(outputElement, text) {
for (let line of lines) {
if (line[0] === "\r") {
// This line starts with the "OVER" sequence. Replace them with "\n" before print
line = line.replaceAll("\r", "\n").replaceAll("\r", "\n");
// we also escape HTML to prevent XSS attacks
line = utils.escapeHtml(line.replaceAll("\r", "\n").replaceAll("\r", "\n"));
// Last line from the textarea will be overwritten, so we remove it
const lastLineIndex = outputElement.innerHTML.lastIndexOf("\n");
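Review bot: The new `utils.escapeHtml(...)` call sits inside the `if (line[0] === "\r")` branch, so only lines that begin with the carriage-return sequence are escaped. The rest of `parseLines` lies outside this hunk, but the `outputElement.innerHTML` handling just below suggests every line ends up in the element as HTML, which would leave lines without a leading `\r` unescaped. I would escape once at the top of the loop body, `line = utils.escapeHtml(line);`, before the `\r` check, and keep the `replaceAll` calls as they were. This assumes `utils.escapeHtml` only rewrites HTML metacharacters and leaves `\r` and the terminal escape sequences intact, which should be confirmed. The comment could then read `// Escape HTML in every gravity line (adlist URLs and list content are untrusted) before it reaches innerHTML`.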