nik/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2026-05-03 06:51:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use template.JS for ShareInfo and APlayerScript

Browse Source 
Wrap ShareInfo and APlayerScript with template.JS to ensure they are safely injected as JavaScript in templates, preventing potential escaping issues.
This commit is contained in:
Sora 2026-01-20 10:20:10 +08:00
parent 08b5e3bc85
commit 1ddc8ccbf4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/public/handle_shares.go
View File

@ -183,8 +183,8 @@ func (pub *Router) handleAPlayer(w http.ResponseWriter, r *http.Request) {
data := map[string]interface{}{
"ShareDescription": description,
"ShareInfo": string(shareInfoJSON),
"APlayerScript": string(scriptContent),
"ShareInfo": template.JS(shareInfoJSON),
"APlayerScript": template.JS(scriptContent),
"BaseURL": baseURL,
}