arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
* Rework frontend code interacting directly with DOM

Rework frontend code that uses user-supplied data to render things like
comments and notes. In places where using React's built-in sanitization
is possible, the feature is used. In other places, where some markup
might be necessary, DOMPurify is used to sanitize the HTML before
rendering it.

Solves: GHSA-rh3r-8pxm-hg4w

* Remove test post DOM rework

* fixup! Rework frontend code interacting directly with DOM
This commit is contained in:
Alex Gustafsson
2026-02-03 18:22:57 +01:00
committed by GitHub
parent c3a4585c83
commit d7ec7355c9
11 changed files with 99 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ui/src/artist/DesktopArtistDetails.jsx
+2 -1
View File
@@ -11,6 +11,7 @@ import Lightbox from 'react-image-lightbox'
import ExpandInfoDialog from '../dialogs/ExpandInfoDialog'
import AlbumInfo from '../album/AlbumInfo'
import subsonic from '../subsonic'
import { SafeHTML } from '../common/SafeHTML'
const useStyles = makeStyles(
(theme) => ({
@@ -172,7 +173,7 @@ const DesktopArtistDetails = ({ artistInfo, record, biography }) => {
variant={'body1'}
onClick={() => setExpanded(!expanded)}
>
<span dangerouslySetInnerHTML={{ __html: biography }} />
<span><SafeHTML>{biography}</SafeHTML></span>
</Typography>
</Collapse>
</CardContent>