From bc1c6bc117eb88adb0c519b8ea9f24725ca755d3 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Sat, 18 Nov 2023 12:53:44 +0100
Subject: [PATCH] Explicitly set contentType to avoid promotion to jsonp

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 scripts/pi-hole/js/footer.js          | 1 +
 scripts/pi-hole/js/groups-clients.js  | 2 ++
 scripts/pi-hole/js/groups-domains.js  | 8 +++++---
 scripts/pi-hole/js/groups-lists.js    | 2 ++
 scripts/pi-hole/js/groups.js          | 2 ++
 scripts/pi-hole/js/login.js           | 1 +
 scripts/pi-hole/js/settings-api.js    | 4 ++--
 scripts/pi-hole/js/settings-system.js | 1 +
 scripts/pi-hole/js/utils.js           | 1 +
 9 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/scripts/pi-hole/js/footer.js b/scripts/pi-hole/js/footer.js
index 380bc485..be54e1c1 100644
--- a/scripts/pi-hole/js/footer.js
+++ b/scripts/pi-hole/js/footer.js
@@ -121,6 +121,7 @@ function piholeChange(action, duration) {
     method: "POST",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       blocking: action === "enable",
       timer: parseInt(duration, 10) > 0 ? parseInt(duration, 10) : null,
diff --git a/scripts/pi-hole/js/groups-clients.js b/scripts/pi-hole/js/groups-clients.js
index 8ec90033..0c132e86 100644
--- a/scripts/pi-hole/js/groups-clients.js
+++ b/scripts/pi-hole/js/groups-clients.js
@@ -452,6 +452,7 @@ function addClient() {
     method: "post",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({ client: ips, comment: comment }),
     success: function (data) {
       utils.enableAll();
@@ -519,6 +520,7 @@ function editClient() {
     method: "put",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       client: client,
       groups: groups,
diff --git a/scripts/pi-hole/js/groups-domains.js b/scripts/pi-hole/js/groups-domains.js
index 4f912df1..c41d823e 100644
--- a/scripts/pi-hole/js/groups-domains.js
+++ b/scripts/pi-hole/js/groups-domains.js
@@ -503,16 +503,16 @@ function addDomain() {
     commentEl = $("#new_regex_comment");
   }
 
-  const comment = utils.escapeHtml(commentEl.val());
+  const comment = commentEl.val();
 
   // Check if the user wants to add multiple domains (space or newline separated)
   // If so, split the input and store it in an array
-  var domains = utils.escapeHtml(domainEl.val()).split(/\s+/);
+  var domains = domainEl.val().split(/\s+/);
   // Remove empty elements
   domains = domains.filter(function (el) {
     return el !== "";
   });
-  const domainStr = JSON.stringify(domains);
+  const domainStr = utils.escapeHtml(JSON.stringify(domains));
 
   utils.disableAll();
   utils.showAlert("info", "", "Adding domain(s)...", domainStr);
@@ -542,6 +542,7 @@ function addDomain() {
     method: "post",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       domain: domains,
       comment: comment,
@@ -629,6 +630,7 @@ function editDomain() {
     method: "put",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       groups: groups,
       comment: comment,
diff --git a/scripts/pi-hole/js/groups-lists.js b/scripts/pi-hole/js/groups-lists.js
index dc8c11de..92cbd4db 100644
--- a/scripts/pi-hole/js/groups-lists.js
+++ b/scripts/pi-hole/js/groups-lists.js
@@ -523,6 +523,7 @@ function addList(event) {
     method: "post",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({ address: addresses, comment: comment, type: type }),
     success: function (data) {
       utils.enableAll();
@@ -591,6 +592,7 @@ function editList() {
     method: "put",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       groups: groups,
       comment: comment,
diff --git a/scripts/pi-hole/js/groups.js b/scripts/pi-hole/js/groups.js
index 63047a4c..037dc7af 100644
--- a/scripts/pi-hole/js/groups.js
+++ b/scripts/pi-hole/js/groups.js
@@ -306,6 +306,7 @@ function addGroup() {
     method: "post",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       name: names,
       comment: comment,
@@ -373,6 +374,7 @@ function editGroup() {
     method: "put",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({
       name: name,
       comment: comment,
diff --git a/scripts/pi-hole/js/login.js b/scripts/pi-hole/js/login.js
index a1e4b5ca..fdd3f0d1 100644
--- a/scripts/pi-hole/js/login.js
+++ b/scripts/pi-hole/js/login.js
@@ -110,6 +110,7 @@ function doLogin(password) {
     method: "POST",
     dataType: "json",
     processData: false,
+    contentType: "application/json; charset=utf-8",
     data: JSON.stringify({ password: password, totp: parseInt($("#totp").val(), 10) }),
   })
     .done(function (data) {
diff --git a/scripts/pi-hole/js/settings-api.js b/scripts/pi-hole/js/settings-api.js
index cde5858a..caac6355 100644
--- a/scripts/pi-hole/js/settings-api.js
+++ b/scripts/pi-hole/js/settings-api.js
@@ -346,7 +346,7 @@ function setAppPassword() {
     dataType: "json",
     processData: false,
     data: JSON.stringify({ config: { webserver: { api: { app_pwhash: apppwhash } } } }),
-    contentType: "application/json",
+    contentType: "application/json; charset=utf-8",
   })
     .done(function () {
       $("#modal-apppw").modal("hide");
@@ -399,7 +399,7 @@ function setTOTPSecret(secret) {
     dataType: "json",
     processData: false,
     data: JSON.stringify({ config: { webserver: { api: { totp_secret: secret } } } }),
-    contentType: "application/json",
+    contentType: "application/json; charset=utf-8",
   })
     .done(function () {
       $("#button-enable-totp").addClass("hidden");
diff --git a/scripts/pi-hole/js/settings-system.js b/scripts/pi-hole/js/settings-system.js
index 4f0e280a..4a0844f4 100644
--- a/scripts/pi-hole/js/settings-system.js
+++ b/scripts/pi-hole/js/settings-system.js
@@ -298,6 +298,7 @@ $("#loggingButton").confirm({
       type: "PATCH",
       dataType: "json",
       processData: false,
+      contentType: "application/json; charset=utf-8",
       data: JSON.stringify(data),
     })
       .done(function (data) {
diff --git a/scripts/pi-hole/js/utils.js b/scripts/pi-hole/js/utils.js
index 63fc3ec8..95a94ede 100644
--- a/scripts/pi-hole/js/utils.js
+++ b/scripts/pi-hole/js/utils.js
@@ -319,6 +319,7 @@ function addFromQueryLog(domain, list) {
       method: "post",
       dataType: "json",
       processData: false,
+      contentType: "application/json; charset=utf-8",
       data: JSON.stringify({
         domain: domain,
         comment: "Added from Query Log",