mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-01-06 09:39:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix xss issues

Browse Source
This commit is contained in:
Squidly271
2025-10-03 14:42:26 -04:00
committed by GitHub
parent 7f37e7090e
commit cdbd2e9a69
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
emhttp/plugins/dynamix/include/DefaultPageLayout/MainContentTabbed.php
View File

@@ -20,7 +20,7 @@
tabindex="<?= $i === 0 ? '0' : '-1' ?>"
aria-selected="<?= $i === 0 ? 'true' : 'false' ?>"
<? if ( isset($page['Focus']) ): ?>
data-focus="<?= $page['Focus'] ?>"
data-focus="<?= htmlspecialchars($page['Focus'], ENT_QUOTES, 'UTF-8') ?>"
<? endif; ?>
>
<?= tab_title($title, $page['root'], _var($page, 'Tag', false)) ?>
@@ -142,10 +142,11 @@ tabs.forEach((tab, i) => {
tab.focus();
// call the focus function if it exists
if (tab.getAttribute('data-focus') ) {
try {
eval(tab.getAttribute('data-focus'));
} catch (e) {
console.error('Error calling focus function: ' + e);
const focusFnName = tab.getAttribute('data-focus');
if (typeof window[focusFnName] === 'function') {
window[focusFnName]();
} else {
console.error('Focus function not found: ' + focusFnName);
}
}
});