Incomplete multi-character sanitization fix

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
sb745 2025-12-22 04:08:31 +02:00 committed by GitHub
parent 653cf1af86
commit 27cc656842
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -804,8 +804,10 @@
title = typeof this.options.title !== 'undefined' ? this.options.title : this.options.noneSelectedText; title = typeof this.options.title !== 'undefined' ? this.options.title : this.options.noneSelectedText;
} }
//strip all HTML tags and trim the result, then unescape any escaped tags //strip all HTML tags in a DOM-safe way and trim the result, then unescape any escaped tags
this.$button.attr('title', htmlUnescape($.trim(title.replace(/<[^>]*>?/g, '')))); var $tmp = $('<div>').html(title);
var plainTitle = $tmp.text();
this.$button.attr('title', htmlUnescape($.trim(plainTitle)));
this.$button.children('.filter-option').html(title); this.$button.children('.filter-option').html(title);
this.$element.trigger('rendered.bs.select'); this.$element.trigger('rendered.bs.select');
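Review bot: The added `var $tmp = $('<div>').html(title);` is not an inert parse. jQuery builds live elements in the page's own document, so markup in `title` can still start resource loads and fire inline event handlers even though `$tmp` is never attached, which makes the "DOM-safe" wording in the new comment misleading. If only the text content is needed, parse into a separate document instead, e.g. `var plainTitle = new DOMParser().parseFromString(title, 'text/html').body.textContent;`. Separately, `.text()` already decodes entities, so the remaining `htmlUnescape(...)` now decodes a second time where the old regex path decoded once; confirm that is intended or drop the call. The enclosing function starts and ends outside this hunk, so whether `title` is trusted markup (it is also passed to `.html(title)` on the following line) cannot be determined from here.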