author | Chocobozzz <me@florianbigard.com> | 2022-11-14 14:21:40 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-11-14 14:21:40 +0100 |
commit | 2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25 (patch) | |
tree | 668365a50351c573949e066c1be440683795e262 /client/src/app/+admin/system/jobs | |
parent | b1934b7e9cdece7c0c38e05b0f905dc2ccab9167 (diff) | |
download | PeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.tar.gz PeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.tar.zst PeerTube-2198bb5a1981177b04dd94b2b1b6a90c5d7a5c25.zip |
Prevent XSS with ng-select
When using ng-option
See https://github.com/ng-select/ng-select/issues/1363
Diffstat (limited to 'client/src/app/+admin/system/jobs')
-rw-r--r-- | client/src/app/+admin/system/jobs/jobs.component.ts | 6 |
1 files changed, 5 insertions, 1 deletions
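--- a/client/src/app/+admin/system/jobs/jobs.component.ts
+++ b/client/src/app/+admin/system/jobs/jobs.component.ts
@@ -2,6 +2,7 @@ import { SortMeta } from 'primeng/api'
 import { Component, OnInit } from '@angular/core'
 import { Notifier, RestPagination, RestTable } from '@app/core'
 import { peertubeLocalStorage } from '@root-helpers/peertube-web-storage'
+import { escapeHTML } from '@shared/core-utils/renderer'
 import { Job, JobState, JobType } from '@shared/models'
 import { JobStateClient } from '../../../../types/job-state-client.type'
 import { JobTypeClient } from '../../../../types/job-type-client.type'
@@ -142,7 +143,10 @@ export class JobsComponent extends RestTable implements OnInit {
 
 private loadJobStateAndType () {
 const state = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_STATE)
-if (state) this.jobState = state as JobState
+
+// FIXME: We use <ng-option> that doesn't escape HTML
+// https://github.com/ng-select/ng-select/issues/1363
+if (state) this.jobState = escapeHTML(state) as JobState
 
 const type = peertubeLocalStorage.getItem(JobsComponent.LOCAL_STORAGE_TYPE)
 if (type) this.jobType = type as JobType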
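Review bot: The `type` value read from local storage two lines below the new escape is still assigned as-is (`if (type) this.jobType = type as JobType`), so if the type selector is also rendered through `<ng-option>` the same unescaped-HTML path remains; the template is not visible here, so this needs confirming. If it is, give it the same treatment: `if (type) this.jobType = escapeHTML(type) as JobType`. Escaping alone also leaves an arbitrary stored string cast to `JobState`; checking the stored value against the component's known states before assigning it would reject a tampered entry rather than only neutralising its markup. The body of `loadJobStateAndType` continues past the end of the hunk.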