From 11de6183206d585dda24bc4015680accdb7521c6 Mon Sep 17 00:00:00 2001
From: Vamsi0702
Date: Fri, 30 Jan 2026 15:11:17 +0530
Subject: [PATCH] security: escape media title in MediaView to prevent XSS

---
 app/assets/js/rtMedia.backbone.js | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/app/assets/js/rtMedia.backbone.js b/app/assets/js/rtMedia.backbone.js
index 1121aea3a..1762698b4 100755
--- a/app/assets/js/rtMedia.backbone.js
+++ b/app/assets/js/rtMedia.backbone.js
@@ -460,7 +460,12 @@ jQuery(function ($) {
 this.render();
 },
 render: function () {
- $(this.el).html(this.template(this.model.toJSON()));
+ var data = this.model.toJSON();
+ // High-Quality Fix: Escape the media title to prevent XSS
+ if (data.media_title) {
+ data.media_title = rtm_escape_html(data.media_title);
+ }
+ $(this.el).html(this.template(data));
 return this.el;
 },
 unrender: function () {
@@ -1483,7 +1488,7 @@ jQuery(document).ready(function ($) {
 /**
 * Commented by : Naveen giri
 * Reason : Commenting this code because its overriding buddypress functionality
- * and introducing issue Duplicate activity generation Issue #108.
+ * and introducing issue Duplicate activity generation Issue #108.
 */
 /*JQuery( '#aw-whats-new-submit' ).removeAttr( 'disabled' );
 jQuery( document ).on( 'blur', '#whats-new', function() {
@@ -3679,7 +3684,7 @@ function rtmedia_disable_popup_navigation($selector) {
 /**
 * Function that smooth scrolls to the latest comment in rtMedia.
- * Created on 23-Nov-2020 by Vipin Kumar Dinkar
+ * Created on 23-Nov-2020 by Vipin Kumar Dinkar
 */
 const rtMediaScrollComments = () => {
 const commentBox = document.getElementById("rtmedia_comment_ul");
@@ -3703,4 +3708,4 @@ const rtMediaMaxSizeMessage = () => {
 }
 };
-rtMediaMaxSizeMessage();
+rtMediaMaxSizeMessage();
\ No newline at end of file
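Review bot: Pre-escaping only `media_title` before the whole model object is handed to `this.template` is a narrow fix and can also double-encode: if the template (presumably an `_.template`) already prints the title with the escaping form `<%- media_title %>`, a title containing `&` now renders as `&amp;amp;`, while any other user-supplied string the template prints with `<%= %>` remains injectable. The more robust place for the control is the template itself — use `<%- field %>` for every interpolation of model data so a future field cannot bypass it — or, if escaping in `render` is kept, apply `rtm_escape_html` to every string value of `data` rather than to one hard-coded key. `rtm_escape_html` is not defined in this hunk; if it lives in a separately loaded script, confirm it is in scope before this view can render, since an undefined global would throw here and leave the element empty. The comment `// High-Quality Fix: ...` records an opinion rather than the reason; `// media_title is user-supplied and the template injects it as HTML, so escape it before rendering` tells the next reader why the line exists. The enclosing view definition starts and ends outside the hunk.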