security: prevent XSS when previewing images

streamtw · streamtw · commit 3bf53c9aae09 · 2023-11-22T16:33:54.000+08:00
diff --git a/public/js/script.js b/public/js/script.js
@@ -597,7 +597,7 @@ function preview(items) {
     }
 
     carouselItem.find('.carousel-label').attr('target', '_blank').attr('href', item.url)
-      .append(item.name)
+      .text(item.name)
       .append($('<i class="fas fa-external-link-alt ml-2"></i>'));
 
     carousel.children('.carousel-inner').append(carouselItem);

Original file line number	Diff line number	Diff line change
`@@ -597,7 +597,7 @@ function preview(items) {`
`597`	`597`	`}`
`598`	`598`
`599`	`599`	`carouselItem.find('.carousel-label').attr('target', '_blank').attr('href', item.url)`
`600`		`- .append(item.name)`
	`600`	`+ .text(item.name)`
`601`	`601`	`.append($('<i class="fas fa-external-link-alt ml-2"></i>'));`
`602`	`602`
`603`	`603`	`carousel.children('.carousel-inner').append(carouselItem);`