From 3bf53c9aae09d11235304e9305cd16bc27e6424a Mon Sep 17 00:00:00 2001
From: Stream <streamtw.one@gmail.com>
Date: Wed, 22 Nov 2023 16:33:54 +0800
Subject: [PATCH] security: prevent XSS when previewing images

---
 public/js/script.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/js/script.js b/public/js/script.js
index 2a2b49c9..a296bc8e 100644
--- a/public/js/script.js
+++ b/public/js/script.js
@@ -597,7 +597,7 @@ function preview(items) {
     }
 
     carouselItem.find('.carousel-label').attr('target', '_blank').attr('href', item.url)
-      .append(item.name)
+      .text(item.name)
       .append($('<i class="fas fa-external-link-alt ml-2"></i>'));
 
     carousel.children('.carousel-inner').append(carouselItem);