joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts

Browse Source
This commit is contained in:
Ryan
2025-05-14 07:00:04 -04:00
committed by GitHub
parent 87368143b5
commit 1add160f5d
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -99,6 +99,8 @@
- **Strip trailing colons** from the stored URL (`rtrim($parts[3], ':')`) so we never send `…png:` back to the client. - **Strip trailing colons** from the stored URL (`rtrim($parts[3], ':')`) so we never send `…png:` back to the client.
- Returns an array with both `'username'` and `'profile_picture'`, matching what `getCurrentUser.php` needs. - Returns an array with both `'username'` and `'profile_picture'`, matching what `getCurrentUser.php` needs.
### 10. setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts
--- ---
## Changes 5/8/2025 ## Changes 5/8/2025

3
public/js/authModals.js
View File

@@ -349,6 +349,9 @@ export async function openUserPanel() {
if (!f) return; if (!f) return;
// preview immediately // preview immediately
img.src = URL.createObjectURL(f); img.src = URL.createObjectURL(f);
const blobUrl = URL.createObjectURL(f);
// use setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts
img.setAttribute('src', encodeURI(blobUrl));
// upload // upload
const fd = new FormData(); const fd = new FormData();
fd.append('profile_picture', f); fd.append('profile_picture', f);