sanitize filename suggestion
@@ -1,3 +1,12 @@
|
|||||||
|
const escapeHtmlUpload = (unsafe) => {
|
||||||
|
return (unsafe || '').toString()
|
||||||
|
.replace(/&/g, "&")
|
||||||
|
.replace(/</g, "<")
|
||||||
|
.replace(/>/g, ">")
|
||||||
|
.replace(/"/g, """)
|
||||||
|
.replace(/'/g, "'");
|
||||||
|
};
|
||||||
|
|
||||||
window.initUploadForm = (selector) => {
|
window.initUploadForm = (selector) => {
|
||||||
const form = (typeof selector === 'string') ? document.querySelector(selector) : selector;
|
const form = (typeof selector === 'string') ? document.querySelector(selector) : selector;
|
||||||
if (!form) return;
|
if (!form) return;
|
||||||
@@ -740,7 +749,7 @@ window.initUploadForm = (selector) => {
|
|||||||
chip.className = 'tag-chip';
|
chip.className = 'tag-chip';
|
||||||
chip.style.cursor = 'pointer';
|
chip.style.cursor = 'pointer';
|
||||||
chip.title = 'Click to edit prefix or tag';
|
chip.title = 'Click to edit prefix or tag';
|
||||||
chip.innerHTML = `<span class="tag-text">${tagName}</span><button type="button">×</button>`;
|
chip.innerHTML = `<span class="tag-text">${escapeHtmlUpload(tagName)}</span><button type="button">×</button>`;
|
||||||
|
|
||||||
// Remove button logic
|
// Remove button logic
|
||||||
chip.querySelector('button').addEventListener('click', (e) => {
|
chip.querySelector('button').addEventListener('click', (e) => {
|
||||||
@@ -858,7 +867,7 @@ window.initUploadForm = (selector) => {
|
|||||||
const sug = document.createElement('div');
|
const sug = document.createElement('div');
|
||||||
sug.className = 'meta-suggestion';
|
sug.className = 'meta-suggestion';
|
||||||
sug.setAttribute('data-text', text);
|
sug.setAttribute('data-text', text);
|
||||||
sug.innerHTML = `<i class="fa fa-plus-circle" style="user-select:none"></i> <span>${text}</span>`;
|
sug.innerHTML = `<i class="fa fa-plus-circle" style="user-select:none"></i> <span>${escapeHtmlUpload(text)}</span>`;
|
||||||
|
|
||||||
sug.addEventListener('mouseup', (ev) => {
|
sug.addEventListener('mouseup', (ev) => {
|
||||||
const sel = window.getSelection?.()?.toString().trim();
|
const sel = window.getSelection?.()?.toString().trim();
|
||||||
@@ -967,7 +976,7 @@ window.initUploadForm = (selector) => {
|
|||||||
const scoreStr = typeof s.score === 'number' ? s.score.toFixed(2) : '0.00';
|
const scoreStr = typeof s.score === 'number' ? s.score.toFixed(2) : '0.00';
|
||||||
html += `
|
html += `
|
||||||
<div class="tag-suggestion-item">
|
<div class="tag-suggestion-item">
|
||||||
<span class="tag-suggestion-name">${s.tag}</span>
|
<span class="tag-suggestion-name">${escapeHtmlUpload(s.tag)}</span>
|
||||||
<span class="tag-suggestion-meta">${s.tagged || 0}× · ${scoreStr}</span>
|
<span class="tag-suggestion-meta">${s.tagged || 0}× · ${scoreStr}</span>
|
||||||
</div>
|
</div>
|
||||||
`;
|
`;
|
||||||
|
|||||||
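Review bot: In the last hunk `${s.tagged || 0}` is still interpolated into the `html` string unescaped on the line after the fixed `s.tag`, and unlike `s.score` it has no `typeof` check, so a string value would land in the markup as-is. Where `s` comes from is not visible here, but if it is the same response that supplies `s.tag`, it deserves the same treatment; coercing is enough: `<span class="tag-suggestion-meta">${Number(s.tagged) || 0}× · ${scoreStr}</span>`. Passing it through `escapeHtmlUpload` would be the wrong fix, because `(unsafe || '')` in the helper turns `0` into an empty string; `String(unsafe ?? '')` would keep falsy values such as a tag named `0`. The body of `initUploadForm` continues outside these hunks, so other `innerHTML` assignments there may need the same check.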