aboutsummaryrefslogtreecommitdiffhomepage
path: root/client/src/app/+admin/system/jobs
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-11-14 14:21:40 +0100
committerChocobozzz <me@florianbigard.com>2022-11-14 14:21:40 +0100
commit2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25 (patch)
tree668365a50351c573949e066c1be440683795e262 /client/src/app/+admin/system/jobs
parentb1934b7e9cdece7c0c38e05b0f905dc2ccab9167 (diff)
downloadPeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.tar.gz
PeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.tar.zst
PeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.zip
Prevent XSS with ng-select
When using ng-option See https://github.com/ng-select/ng-select/issues/1363
Diffstat (limited to 'client/src/app/+admin/system/jobs')
-rw-r--r--client/src/app/+admin/system/jobs/jobs.component.ts6
1 files changed, 5 insertions, 1 deletions
diff --git a/client/src/app/+admin/system/jobs/jobs.component.ts b/client/src/app/+admin/system/jobs/jobs.component.ts
index d5da1b743..b8f3c3a68 100644
--- a/client/src/app/+admin/system/jobs/jobs.component.ts
+++ b/client/src/app/+admin/system/jobs/jobs.component.ts
@@ -2,6 +2,7 @@ import { SortMeta } from 'primeng/api'
2import { Component, OnInit } from '@angular/core' 2import { Component, OnInit } from '@angular/core'
3import { Notifier, RestPagination, RestTable } from '@app/core' 3import { Notifier, RestPagination, RestTable } from '@app/core'
4import { peertubeLocalStorage } from '@root-helpers/peertube-web-storage' 4import { peertubeLocalStorage } from '@root-helpers/peertube-web-storage'
5import { escapeHTML } from '@shared/core-utils/renderer'
5import { Job, JobState, JobType } from '@shared/models' 6import { Job, JobState, JobType } from '@shared/models'
6import { JobStateClient } from '../../../../types/job-state-client.type' 7import { JobStateClient } from '../../../../types/job-state-client.type'
7import { JobTypeClient } from '../../../../types/job-type-client.type' 8import { JobTypeClient } from '../../../../types/job-type-client.type'
@@ -142,7 +143,10 @@ export class JobsComponent extends RestTable implements OnInit {
142 143
143 private loadJobStateAndType () { 144 private loadJobStateAndType () {
144 const state = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_STATE) 145 const state = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_STATE)
145 if (state) this.jobState = state as JobState 146
147 // FIXME: We use <ng-option> that doesn't escape HTML
148 // https://github.com/ng-select/ng-select/issues/1363
149 if (state) this.jobState = escapeHTML(state) as JobState
146 150
147 const type = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_TYPE) 151 const type = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_TYPE)
148 if (type) this.jobType = type as JobType 152 if (type) this.jobType = type as JobType