ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

defend against XSS in Monitor Name

pull/2910/head
Isaac Connor 2020-04-10 11:05:48 -04:00
parent 7473b0572a
commit aad0b9362c
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
web/skins/classic/views/js/event.js.php
View File

@ -34,7 +34,7 @@ var eventData = {
StartTime: '<?php echo $Event->StartTime() ?>',
EndTime: '<?php echo $Event->EndTime() ?>',
Frames: '<?php echo $Event->Frames() ?>',
MonitorName: '<?php echo $Monitor->Name() ?>'
MonitorName: '<?php echo validJsStr($Monitor->Name()) ?>'
};
var monitorUrl = '<?php echo $Event->Storage()->Server()->UrlToIndex(); ?>';
@ -46,7 +46,7 @@ var rate = '<?php echo $rate ?>'; // really only used when setting up initial pl
var scale = "<?php echo $scale ?>";
var LabelFormat = "<?php echo validJsStr($Monitor->LabelFormat())?>";
var canEditEvents = <?php echo canEdit( 'Events' )?'true':'false' ?>;
var canEditEvents = <?php echo canEdit('Events')?'true':'false' ?>;
var streamTimeout = <?php echo 1000*ZM_WEB_REFRESH_STATUS ?>;
var canStreamNative = <?php echo canStreamNative()?'true':'false' ?>;
@ -55,8 +55,8 @@ var streamMode = '<?php echo $streamMode ?>';
//
// Strings
//
var deleteString = "<?php echo translate('Delete') ?>";
var causeString = "<?php echo translate('AttrCause') ?>";
var deleteString = "<?php echo validJsStr(translate('Delete')) ?>";
var causeString = "<?php echo validJsStr(translate('AttrCause')) ?>";
var WEB_LIST_THUMB_WIDTH = '<?php echo ZM_WEB_LIST_THUMB_WIDTH ?>';
var WEB_LIST_THUMB_HEIGHT = '<?php echo ZM_WEB_LIST_THUMB_HEIGHT ?>';
var popup = '<?php echo $popup ?>';