diff --git a/static/js/media.js b/static/js/media.js index 35a881f0..053f978f 100644 --- a/static/js/media.js +++ b/static/js/media.js @@ -157,7 +157,8 @@ $(document).ready(function(){ csrf = $('#media-files').data('csrf'); console.log('index blob',blobId, csrf); dialog = $('#dialog-box') - dialog.find(".modal-body").html('
Indexing ' + filename + '
'); + dialog.find(".modal-body").html('Indexing ' + encodeURIComponent(filename) + + '
'); showDialog(); $.ajax({ url: '/media/'+blobId+'?index=1&csrf_token='+csrf, @@ -168,14 +169,19 @@ $(document).ready(function(){ var i; dialog.find('.modal-body .error').text(result.error); } else { - dialog.find(".modal-body").html('Indexing ' + filename + ' complete
'); + dialog.find(".modal-body").html('Indexing ' + + encodeURIComponent(filename) + + ' complete
'); if (result.representation) { $row.find('td.codec').text(result.representation.codecs); if(result.representation.encrypted) { $row.find('td.encrypted').html('✓'); $row.find('td.kid').html(""); for(i=0; i < result.representation.kids.length; ++i) { - $row.find('td.kid').append(''+result.representation.kids[i]+'
'); + $row.find('td.kid').append( + '' + + encodeURIComponent(result.representation.kids[i]) + + '
'); } } else { $row.find('td.encrypted').html('✗'); @@ -241,7 +247,9 @@ $(document).ready(function(){ data = new FormData(form[0]); $("#upload-form .submit").prop("disabled", true); dialog = $('#dialog-box') - dialog.find(".modal-body").html('Uploading ' + filename + '
'); + dialog.find(".modal-body").html('Uploading ' + + encodeURIComponent(filename) + + '
'); showDialog(); $.ajax({ url: form.attr("action"), @@ -261,7 +269,9 @@ $(document).ready(function(){ err.text(data.error); return; } - dialog.find(".modal-body").html('Finished uploading ' + filename+ '✓'); + dialog.find(".modal-body").html('
Finished uploading ' + + encodeURIComponent(filename) + + '✓'); if(data.upload_url) { $('#upload-form').attr('action', data.upload_url); }