You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: static/dashboard.js
+12-2Lines changed: 12 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,16 @@ let emailAccounts = [];
4
4
letavailableDomains=[];
5
5
letselectedDomain=null;
6
6
7
+
// Escape a string for HTML insertion (prevents XSS)
8
+
functionescapeHTML(str){
9
+
returnString(str)
10
+
.replace(/&/g,"&")
11
+
.replace(/</g,"<")
12
+
.replace(/>/g,">")
13
+
.replace(/"/g,""")
14
+
.replace(/'/g,"'");
15
+
}
16
+
7
17
// Helper function to validate destinations (including special ones)
8
18
functionisValidDestination(destination){
9
19
// Allow special destinations
@@ -228,9 +238,9 @@ async function loadForwarders() {
228
238
console.error('Error loading forwarders:',error);
229
239
230
240
if(error.response&&error.response.status===403){
231
-
tbody.innerHTML='<tr><td colspan="3" class="error-message">Domain access denied: '+selectedDomain+' may not be configured in your DirectAdmin account.</td></tr>';
241
+
tbody.innerHTML='<tr><td colspan="3" class="error-message">Domain access denied: '+escapeHTML(selectedDomain)+' may not be configured in your DirectAdmin account.</td></tr>';
232
242
}else{
233
-
tbody.innerHTML='<tr><td colspan="3" class="error-message">Failed to load forwarders for '+selectedDomain+'. Please check your DirectAdmin settings.</td></tr>';
243
+
tbody.innerHTML='<tr><td colspan="3" class="error-message">Failed to load forwarders for '+escapeHTML(selectedDomain)+'. Please check your DirectAdmin settings.</td></tr>';
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?v=4&size=40){kind=avatar}
0 commit comments