From edde35156d9a55e59c805a60d1d81790f120e2f4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 19 Mar 2026 12:44:30 +0100
Subject: [PATCH] escape HTML in qitem details
---
 data/web/js/site/quarantine.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index fbf4fe862..8334ff504 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -226,18 +226,18 @@ jQuery(function($){
 }
 if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
 $.each(data.fuzzy_hashes, function (index, value) {
- $('#qid_detail_fuzzy').append('

' + value + '

');
+ $('#qid_detail_fuzzy').append('

' + escapeHtml(value) + '

');
 });
 } else {
 $('#qid_detail_fuzzy').append('-');
 }
 if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
 if (data.action == "add header") {
- $('#qid_detail_score').append('' + data.score + ' - ' + lang.junk_folder + '');
+ $('#qid_detail_score').append('' + escapeHtml(data.score) + ' - ' + lang.junk_folder + '');
 } else if (data.action == "reject") {
- $('#qid_detail_score').append('' + data.score + ' - ' + lang.rejected + '');
+ $('#qid_detail_score').append('' + escapeHtml(data.score) + ' - ' + lang.rejected + '');
 } else if (data.action == "rewrite subject") {
- $('#qid_detail_score').append('' + data.score + ' - ' + lang.rewrite_subject + '');
+ $('#qid_detail_score').append('' + escapeHtml(data.score) + ' - ' + lang.rewrite_subject + '');
 }
 }
 if (typeof data.recipients !== 'undefined') {
@@ -254,8 +254,8 @@ jQuery(function($){
 qAtts.text('');
 $.each(data.attachments, function(index, value) {
 qAtts.append(
- '
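Review bot: escapeHtml is applied to data.score on the three changed append lines, yet the helper is not visible in this hunk and data.score is presumably a numeric spam score rather than a string; if escapeHtml calls `.replace()` on its argument directly instead of on `String(arg)`, a number would throw a TypeError and the details panel would stop rendering. Confirm that escapeHtml coerces to string, or write `escapeHtml(String(data.score))` at those lines. The `lang.junk_folder`, `lang.rejected` and `lang.rewrite_subject` strings here, and `lang.check_hash` in the second hunk, are still concatenated raw, which is acceptable only if translation strings are treated as trusted markup; a comment above the block, `// lang.* values are trusted translation strings; anything taken from the API response must go through escapeHtml`, would record that decision for the next reader. The enclosing handler starts before this hunk.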

' + value[0] + ' (' + value[1] + ')' +
- ' - ' + lang.check_hash + '

'
+ '

' + escapeHtml(value[0]) + ' (' + escapeHtml(value[1]) + ')' +
+ ' - ' + lang.check_hash + '

'
 );
 });
 }
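Review bot: The markup between `' - '` and `lang.check_hash` on the added line has been stripped from this page, so it cannot be seen here whether that anchor's href also embeds `value[1]`; if it does, HTML escaping is not the right encoder for a URL component and that occurrence needs `encodeURIComponent(value[1])` in addition to the escaping now applied to the visible text. Escaping each interpolation by hand is easy to miss on the next edit; building the element with `$('<a>', { href: url, target: '_blank', text: lang.check_hash })` and setting the name and size with `.text()` makes the escaping structural instead of per-call. The `$.each` callback shown is complete, but the surrounding handler starts before the hunk.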