Fix XSS issue
@ -1,3 +1,5 @@
|
||||
import * as DOMPurify from 'dompurify'
|
||||
|
||||
export function buildPlayer (video, player, videojs) {
|
||||
window.videojs = videojs
|
||||
require('videojs-overlay')
|
||||
@ -8,7 +10,7 @@ export function buildPlayer (video, player, videojs) {
|
||||
|
||||
const annotationsText = video.pluginData[fieldName]
|
||||
|
||||
const annotations = parseAnnotations(annotationsText)
|
||||
const annotations = parseAnnotations(video, annotationsText)
|
||||
if (!annotations) return
|
||||
|
||||
console.log('Will inject annotations in player.', annotations)
|
||||
@ -18,24 +20,27 @@ export function buildPlayer (video, player, videojs) {
|
||||
})
|
||||
}
|
||||
|
||||
function parseAnnotations (annotationsText) {
|
||||
const splitted = annotationsText.split(/\n\r?\n\r?/)
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
return splitted.map(s => buildAnnotation(s))
|
||||
function parseAnnotations (video, annotationsText) {
|
||||
const splitted = annotationsText.split(/\n\r?\n\r?/)
|
||||
.filter(line => !!line)
|
||||
|
||||
return splitted.map(s => buildAnnotation(video, s))
|
||||
.filter(a => !!a)
|
||||
}
|
||||
|
||||
function buildAnnotation (text) {
|
||||
function buildAnnotation (video, text) {
|
||||
const splitted = text.split('\n')
|
||||
if (splitted.length < 2) {
|
||||
console.error('Cannot build annotation %s.', text)
|
||||
console.error('Cannot build annotation "%s".', text)
|
||||
return undefined
|
||||
}
|
||||
|
||||
const timestampsText = splitted.shift()
|
||||
const timestamps = buildTimestamps(timestampsText)
|
||||
if (!timestamps) {
|
||||
console.error('Cannot build timestamp %s of %s.', timestampsText, text)
|
||||
console.error('Cannot build timestamp "%s" of "%s".', timestampsText, text)
|
||||
return undefined
|
||||
}
|
||||
|
||||
@ -46,7 +51,7 @@ function buildAnnotation (text) {
|
||||
options = buildOptions(optionsText)
|
||||
|
||||
if (!options) {
|
||||
console.error('Cannot build options %s of %s.', optionsText, text)
|
||||
console.error('Cannot build options "%s" of "%s".', optionsText, text)
|
||||
} else {
|
||||
splitted.shift()
|
||||
}
|
||||
@ -58,7 +63,7 @@ function buildAnnotation (text) {
|
||||
|
||||
const result = {
|
||||
align,
|
||||
content
|
||||
content: DOMPurify.sanitize(content)
|
||||
}
|
||||
|
||||
result.start = timestamps.start || 0
|
||||
|
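Review bot: The `DOMPurify.sanitize(content)` call in the last hunk runs with the library's default profile, which strips script execution but still lets through a broad set of markup such as links, images, form controls and inline styles. The annotation text is read from `video.pluginData[fieldName]`, presumably set by the video's publisher, so it can still put arbitrary-looking UI or remote-loading elements into the overlay shown to every viewer. An explicit allowlist sized to what annotations need would narrow that, for example `content: DOMPurify.sanitize(content, { ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'br', 'a'], ALLOWED_ATTR: ['href'] })` (the tag list is illustrative, not taken from the project). `buildAnnotation` continues outside the hunk, so how `align` and the other parsed options reach the overlay is not visible here; if any of them end up in markup they need the same treatment.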