From 3bf53c9aae09d11235304e9305cd16bc27e6424a Mon Sep 17 00:00:00 2001
From: Stream
Date: Wed, 22 Nov 2023 16:33:54 +0800
Subject: [PATCH] security: prevent XSS when previewing images
---
 public/js/script.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/js/script.js b/public/js/script.js
index 2a2b49c9..a296bc8e 100644
--- a/public/js/script.js
+++ b/public/js/script.js
@@ -597,7 +597,7 @@ function preview(items) {
 }
 carouselItem.find('.carousel-label').attr('target', '_blank').attr('href', item.url)
- .append(item.name)
+ .text(item.name)
 .append($(''));
 carousel.children('.carousel-inner').append(carouselItem);
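Review bot: The `href` on `.carousel-label` is still set from `item.url` with no scheme check, in the same chain where this commit switches the label to `.text(item.name)`. If `item.url` can be influenced by the same source as `item.name` (not visible in this hunk), a `javascript:` URL would still execute when the link is clicked; consider resolving it with `new URL(item.url, location.href)` and only setting `href` when the protocol is `http:` or `https:`. Because the link opens with `target="_blank"`, adding `.attr('rel', 'noopener noreferrer')` to the chain is also worthwhile for older browsers. Note that `.text()` replaces any existing children of the label where `.append()` kept them; `preview()` starts and ends outside the hunk, so whether the label template is empty cannot be confirmed from here.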