github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-08-20 05:13:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix encoding of special characters

Browse source 
Special characters would get html encoded (& -> &amp;). This has been tested against several payloads (e.g. <script>alert(0)</script>) to ensure it's not vulnerable to XSS.
This commit is contained in:
Tom Piccirello 2019-06-20 22:15:32 -07:00 committed by GitHub
commit 368fbd9e7d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/webui/www/private/rename.html
View file

@ -33,7 +33,7 @@
var name = new URI().getData('name'); var name = new URI().getData('name');
// set text field to current value // set text field to current value
if (name) if (name)
$('rename').value = escapeHtml(decodeURIComponent(name)); $('rename').value = decodeURIComponent(name);
$('rename').focus(); $('rename').focus();
$('renameButton').addEvent('click', function(e) { $('renameButton').addEvent('click', function(e) {