arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
* Rework frontend code interacting directly with DOM

Rework frontend code that uses user-supplied data to render things like
comments and notes. In places where using React's built-in sanitization
is possible, the feature is used. In other places, where some markup
might be necessary, DOMPurify is used to sanitize the HTML before
rendering it.

Solves: GHSA-rh3r-8pxm-hg4w

* Remove test post DOM rework

* fixup! Rework frontend code interacting directly with DOM
This commit is contained in:
Alex Gustafsson
2026-02-03 18:22:57 +01:00
committed by GitHub
parent c3a4585c83
commit d7ec7355c9
11 changed files with 99 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ui/src/layout/Login.jsx
+2
View File
@@ -136,6 +136,8 @@ const FormLogin = ({ loading, handleSubmit, validate }) => {
{config.welcomeMessage && (
<div
className={classes.welcome}
// Use dangerouslySetInnerHTML to allow admins to configure
// whatever content they want
dangerouslySetInnerHTML={{ __html: config.welcomeMessage }}
/>
)}