fix: xss on select2 results

imperosol 2024-10-17 08:12:09 +02:00
parent 150d08dc45
commit 5d16ba135a


@ -265,17 +265,22 @@ export function itemFormatter(user: { loading: boolean; text: string }) {
export function selectItemBuilder(pictureGetter?: (item: RemoteResult) => string) { export function selectItemBuilder(pictureGetter?: (item: RemoteResult) => string) {
return (item: RemoteResult) => { return (item: RemoteResult) => {
const picture = typeof pictureGetter === "function" ? pictureGetter(item) : null; const picture = typeof pictureGetter === "function" ? pictureGetter(item) : null;
const imgHtml = picture const wrapper = document.createElement("div");
? `<img wrapper.classList.add("select-item");
src="${pictureGetter(item)}" if (picture) {
alt="${item.text}" const img = document.createElement("img");
onerror="this.src = '/static/core/img/unknown.jpg'" img.src = picture;
/>` img.alt = encodeURI(item.text);
: ""; img.onerror = () => {
img.src = "/static/core/img/unknown.jpg";
};
wrapper.appendChild(img);
}
const textSpan = document.createElement("span");
textSpan.classList.add("select-item-text");
textSpan.appendChild(document.createTextNode(item.text));
wrapper.appendChild(textSpan);
return $(`<div class="select-item"> return $(wrapper);
${imgHtml}
<span class="select-item-text">${item.text}</span>
</div>`);
}; };
} }
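Review bot: `img.alt = encodeURI(item.text);` adds no protection and corrupts the alt text. Assigning to the `alt` DOM property never parses HTML, so the value is already inert, just as the `createTextNode(item.text)` a few lines below is. `encodeURI` percent-encodes spaces and non-ASCII characters, so a result such as "Jean Dupont" would be exposed to assistive technology as `Jean%20Dupont`, and it throws `URIError` on a lone surrogate, which would break rendering of that result. I would write `img.alt = item.text;` instead. Separately, the `onerror` handler could clear itself first (`img.onerror = null;`) so that a missing `/static/core/img/unknown.jpg` cannot retrigger it.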