kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-29 09:39:57 +00:00
Code Issues Projects Releases Wiki Activity

Escape HTML when displaying recipes on /mealplan (references #1868)

Browse Source
This commit is contained in:
Bernd Bestel 2022-04-21 21:32:28 +02:00
parent c4388a6f8f
commit 845e69fb96
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/js/extensions.js
View File

@ -21,6 +21,11 @@ String.prototype.replaceAll = function(search, replacement)
return this.replace(new RegExp(search, "g"), replacement); return this.replace(new RegExp(search, "g"), replacement);
}; };
String.prototype.escapeHTML = function()
{
return this.replace(/[&<>"'`=\/]/g, s => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '/': '&#x2F;', '`': '&#x60;', '=': '&#x3D;' })[s]);;
};
GetUriParam = function(key) GetUriParam = function(key)
{ {
var currentUri = window.location.search.substring(1); var currentUri = window.location.search.substring(1);

2
public/viewjs/mealplan.js
View File

@ -139,6 +139,8 @@ $(".calendar").each(function()
return false; return false;
} }
recipe.name = recipe.name.escapeHTML();
var internalShadowRecipe = FindObjectInArrayByPropertyValue(internalRecipes, "name", mealPlanEntry.day + "#" + mealPlanEntry.id); var internalShadowRecipe = FindObjectInArrayByPropertyValue(internalRecipes, "name", mealPlanEntry.day + "#" + mealPlanEntry.id);
var resolvedRecipe = FindObjectInArrayByPropertyValue(recipesResolved, "recipe_id", internalShadowRecipe.id); var resolvedRecipe = FindObjectInArrayByPropertyValue(recipesResolved, "recipe_id", internalShadowRecipe.id);