mirror/transmission
1
0
Fork 0
mirror of https://github.com/transmission/transmission synced 2025-03-03 18:25:35 +00:00
Code Issues Releases Wiki Activity

HTML-escape torrent name displayed in trackers inspector tab

Browse source 
This will prevent injection of arbitrary HTML when multiple torrents are
selected. Follow-up to the previous commit.
This commit is contained in:
Mike Gelfand 2018-02-23 22:37:20 +03:00
parent 523d8c1317
commit 913d9d3f37
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
web/javascript/inspector.js
View file

@ -716,7 +716,7 @@ function Inspector(controller) {
html.push ('<div class="inspector_group">');
if (torrents.length > 1)
html.push('<div class="inspector_torrent_label">', tor.getName(), '</div>');
html.push('<div class="inspector_torrent_label">', sanitizeText(tor.getName()), '</div>');
tier = -1;
trackers = tor.getTrackers();