security: prevent XSS when previewing images

UniSharp · Nov 22, 2023 · 3bf53c9 · 3bf53c9
1 parent 6b08141
commit 3bf53c9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/public/js/script.js b/public/js/script.js
@@ -597,7 +597,7 @@ function preview(items) {
     }
 
     carouselItem.find('.carousel-label').attr('target', '_blank').attr('href', item.url)
-      .append(item.name)
+      .text(item.name)
       .append($('<i class="fas fa-external-link-alt ml-2"></i>'));
 
     carousel.children('.carousel-inner').append(carouselItem);