diff --git a/src/UI/Settings/UITabAbout.js b/src/UI/Settings/UITabAbout.js
index 3d49b75f..f2842bc8 100644
--- a/src/UI/Settings/UITabAbout.js
+++ b/src/UI/Settings/UITabAbout.js
@@ -96,7 +96,7 @@ export default {
puter.os.version()
.then(res => {
const deployed_date = new Date(res.deploy_timestamp).toLocaleString();
- $el_window.find('.version').html(`Version: ${res.version} • Server: ${res.location} • Deployed: ${deployed_date}`);
+ $el_window.find('.version').html(`Version: ${html_encode(res.version)} • Server: ${html_encode(res.location)} • Deployed: ${deployed_date}`);
})
.catch(error => {
console.error("Failed to fetch server info:", error);
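Review bot: `deployed_date` is still interpolated into the `.html()` template unencoded on the changed line, while the matching line in UIWindowLogin.js encodes all three values. It comes from `new Date(res.deploy_timestamp).toLocaleString()`, so it is unlikely to carry markup, but encoding it keeps the two call sites identical and removes the need to reason about it: `Deployed: ${html_encode(deployed_date)}`. The `.then`/`.catch` chain starts and ends outside the hunk.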
diff --git a/src/UI/Settings/UITabClock.js b/src/UI/Settings/UITabClock.js
index 03eb7be9..498aa87e 100644
--- a/src/UI/Settings/UITabClock.js
+++ b/src/UI/Settings/UITabClock.js
@@ -16,7 +16,6 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see .
*/
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
// About
export default {
diff --git a/src/UI/Settings/UITabLanguage.js b/src/UI/Settings/UITabLanguage.js
index c0c36df2..361cdb74 100644
--- a/src/UI/Settings/UITabLanguage.js
+++ b/src/UI/Settings/UITabLanguage.js
@@ -16,7 +16,6 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see .
*/
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
import changeLanguage from '../../i18n/i18nChangeLanguage.js';
// About
diff --git a/src/UI/Settings/UIWindowFinalizeUserDeletion.js b/src/UI/Settings/UIWindowFinalizeUserDeletion.js
index aec5dbae..505a6270 100644
--- a/src/UI/Settings/UIWindowFinalizeUserDeletion.js
+++ b/src/UI/Settings/UIWindowFinalizeUserDeletion.js
@@ -139,7 +139,7 @@ async function UIWindowFinalizeUserDeletion(options){
logout();
}
else{
- $(el_window).find('.error-message').html(data.error);
+ $(el_window).find('.error-message').html(html_encode(data.error));
$(el_window).find('.error-message').show();
}
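Review bot: `.html(html_encode(x))` on a value that is only ever shown as plain text can be written as `.text(x)`, which lets jQuery do the escaping and does not rely on each call site remembering the helper; here that is `$(el_window).find('.error-message').text(data.error);`. The same pattern recurs in the hunks for UIWindowChangePassword.js, UIWindowNewPassword.js, UIWindowRecoverPassword.js, UIWindowSaveAccount.js, initgui.js, refresh_item_container.js, the `err.responseText` branch of UIWindowLogin.js and the three progress-window lines in helpers.js. `html_encode` is neither defined nor imported in any visible hunk, so it is presumably a global; it is worth confirming that it is in scope in every one of these modules. The enclosing function continues outside the hunk.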
diff --git a/src/UI/Settings/UIWindowSettings.js b/src/UI/Settings/UIWindowSettings.js
index a1827401..2a720372 100644
--- a/src/UI/Settings/UIWindowSettings.js
+++ b/src/UI/Settings/UIWindowSettings.js
@@ -18,19 +18,12 @@
*/
import UIWindow from '../UIWindow.js'
-import UIWindowChangePassword from '../UIWindowChangePassword.js'
-import UIWindowChangeEmail from './UIWindowChangeEmail.js'
-import UIWindowChangeUsername from '../UIWindowChangeUsername.js'
-import changeLanguage from "../../i18n/i18nChangeLanguage.js"
-import UIWindowConfirmUserDeletion from './UIWindowConfirmUserDeletion.js';
import AboutTab from './UITabAbout.js';
import UsageTab from './UITabUsage.js';
import AccountTab from './UITabAccount.js';
import PersonalizationTab from './UITabPersonalization.js';
import LanguageTab from './UITabLanguage.js';
import ClockTab from './UITabClock.js';
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
-import UIWindowManageSessions from '../UIWindowManageSessions.js';
async function UIWindowSettings(options){
return new Promise(async (resolve) => {
diff --git a/src/UI/UIWindowChangePassword.js b/src/UI/UIWindowChangePassword.js
index 9383017f..8aeeda5d 100644
--- a/src/UI/UIWindowChangePassword.js
+++ b/src/UI/UIWindowChangePassword.js
@@ -131,7 +131,7 @@ async function UIWindowChangePassword(options){
$(el_window).find('input').val('');
},
error: function (err){
- $(el_window).find('.form-error-msg').html(err.responseText);
+ $(el_window).find('.form-error-msg').html(html_encode(err.responseText));
$(el_window).find('.form-error-msg').fadeIn();
}
});
diff --git a/src/UI/UIWindowEmailConfirmationRequired.js b/src/UI/UIWindowEmailConfirmationRequired.js
index 88eb9ca7..46bba008 100644
--- a/src/UI/UIWindowEmailConfirmationRequired.js
+++ b/src/UI/UIWindowEmailConfirmationRequired.js
@@ -140,7 +140,7 @@ function UIWindowEmailConfirmationRequired(options){
}
},
error: function(res){
- $(el_window).find('.error').html(res.responseJSON.error);
+ $(el_window).find('.error').html(html_encode(res.responseJSON.error));
$(el_window).find('.error').fadeIn();
$(el_window).find('.digit-input').val('');
$(el_window).find('.digit-input').first().focus();
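Review bot: `res.responseJSON.error` on the changed line throws inside the error handler whenever the response body did not parse as JSON (a proxy error page, a dropped connection), because jQuery only populates `responseJSON` on a successful JSON parse; the error element is then never filled or shown. Assuming this is a jQuery ajax error callback, a guarded read keeps the handler working for those failures: `const msg = (res.responseJSON && res.responseJSON.error) || res.responseText || '';` followed by `.html(html_encode(msg))`. The enclosing ajax call starts outside the hunk.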
diff --git a/src/UI/UIWindowLogin.js b/src/UI/UIWindowLogin.js
index 98920a17..b8e1c1ba 100644
--- a/src/UI/UIWindowLogin.js
+++ b/src/UI/UIWindowLogin.js
@@ -75,7 +75,7 @@ async function UIWindowLogin(options){
puter.os.version()
.then(res => {
const deployed_date = new Date(res.deploy_timestamp).toLocaleString();
- $("#version-placeholder").html(`Version: ${res.version} • Server: ${res.location} • Deployed: ${deployed_date}`);
+ $("#version-placeholder").html(`Version: ${html_encode(res.version)} • Server: ${html_encode(res.location)} • Deployed: ${html_encode(deployed_date)}`);
})
.catch(() => {
$("#version-placeholder").html("Failed to load version or server information.");
@@ -179,7 +179,7 @@ async function UIWindowLogin(options){
// Don't include the whole 404 page
$errorMessage.html(`Error 404: "${gui_origin}/login" not found`);
} else if (err.responseText) {
- $errorMessage.html(err.responseText);
+ $errorMessage.html(html_encode(err.responseText));
} else {
// No message was returned. *Probably* this means we couldn't reach the server.
// If this is a self-hosted instance, it's probably a configuration issue.
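Review bot: The 404 branch directly above the changed line still interpolates `gui_origin` into `$errorMessage.html(...)` without encoding. Where `gui_origin` is set is not visible in this hunk, so it may be trusted configuration, but since the commit encodes every other interpolated value it would be consistent to write `"${html_encode(gui_origin)}/login"` there as well. The if/else chain begins and ends outside the hunk.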
@@ -195,7 +195,7 @@ async function UIWindowLogin(options){
`);
} else {
- $errorMessage.html(`Failed to log in: Error ${err.status}`);
+ $errorMessage.html(`Failed to log in: Error ${html_encode(err.status)}`);
}
}
$(el_window).find('.login-error-msg').fadeIn();
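Review bot: `html_encode(err.status)` is handed a number rather than a string (presumably the jqXHR numeric `status`), and the helper's definition is not part of this diff. If `html_encode` calls string methods on its argument without coercing it first, this branch would throw instead of showing the message; confirm the helper coerces, or pass `String(err.status)`. The surrounding error handler starts outside the hunk.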
diff --git a/src/UI/UIWindowNewPassword.js b/src/UI/UIWindowNewPassword.js
index 2fab5c06..ce5f258b 100644
--- a/src/UI/UIWindowNewPassword.js
+++ b/src/UI/UIWindowNewPassword.js
@@ -139,7 +139,7 @@ async function UIWindowNewPassword(options){
});
},
error: function (err){
- $(el_window).find('.form-error-msg').html(err.responseText);
+ $(el_window).find('.form-error-msg').html(html_encode(err.responseText));
$(el_window).find('.form-error-msg').fadeIn();
}
});
diff --git a/src/UI/UIWindowRecoverPassword.js b/src/UI/UIWindowRecoverPassword.js
index fd6591f5..64bc462f 100644
--- a/src/UI/UIWindowRecoverPassword.js
+++ b/src/UI/UIWindowRecoverPassword.js
@@ -115,7 +115,7 @@ function UIWindowRecoverPassword(options){
})
},
error: function (err){
- $(el_window).find('.error').html(err.responseText);
+ $(el_window).find('.error').html(html_encode(err.responseText));
$(el_window).find('.error').fadeIn();
},
complete: function(){
diff --git a/src/UI/UIWindowSaveAccount.js b/src/UI/UIWindowSaveAccount.js
index 3a57ba9d..6048ccd1 100644
--- a/src/UI/UIWindowSaveAccount.js
+++ b/src/UI/UIWindowSaveAccount.js
@@ -160,7 +160,7 @@ async function UIWindowSaveAccount(options){
})
},
error: function (err){
- $(el_window).find('.signup-error-msg').html(err.responseText);
+ $(el_window).find('.signup-error-msg').html(html_encode(err.responseText));
$(el_window).find('.signup-error-msg').fadeIn();
// re-enable 'Create Account' button
$(el_window).find('.signup-btn').prop('disabled', false);
diff --git a/src/helpers.js b/src/helpers.js
index 467d896a..f912f1b8 100644
--- a/src/helpers.js
+++ b/src/helpers.js
@@ -1264,7 +1264,7 @@ window.copy_clipboard_items = async function(dest_path, dest_container_element){
let copy_path = clipboard[i].path;
let item_with_same_name_already_exists = true;
let overwrite = overwrite_all;
- $(progwin).find('.copy-from').html(copy_path);
+ $(progwin).find('.copy-from').html(html_encode(copy_path));
do{
if(overwrite)
item_with_same_name_already_exists = false;
@@ -1368,7 +1368,7 @@ window.copy_items = function(el_items, dest_path){
let copy_path = $(el_items[i]).attr('data-path');
let item_with_same_name_already_exists = true;
let overwrite = overwrite_all;
- $(progwin).find('.copy-from').html(copy_path);
+ $(progwin).find('.copy-from').html(html_encode(copy_path));
do{
if(overwrite)
@@ -2210,7 +2210,7 @@ window.move_items = async function(el_items, dest_path, is_undo = false){
// --------------------------------------------------------
// update progress window with current item being moved
// --------------------------------------------------------
- $(progwin).find('.move-from').html(path_to_show_on_progwin);
+ $(progwin).find('.move-from').html(html_encode(path_to_show_on_progwin));
// execute move
let resp = await puter.fs.move({
diff --git a/src/helpers/refresh_item_container.js b/src/helpers/refresh_item_container.js
index 7a083ded..d111a04f 100644
--- a/src/helpers/refresh_item_container.js
+++ b/src/helpers/refresh_item_container.js
@@ -244,7 +244,7 @@ const refresh_item_container = function(el_item_container, options){
$(empty_message).hide();
// show error message
- $(error_message).html('Failed to load directory' + (e && e.message ? ': ' + e.message : ''));
+ $(error_message).html('Failed to load directory' + html_encode((e && e.message ? ': ' + e.message : '')));
$(error_message).show();
});
}
diff --git a/src/initgui.js b/src/initgui.js
index 3d16c69b..05987c69 100644
--- a/src/initgui.js
+++ b/src/initgui.js
@@ -711,7 +711,7 @@ window.initgui = async function(){
document.dispatchEvent(new Event("login", { bubbles: true}));
},
error: function (err){
- $('#signup-error-msg').html(err.responseText);
+ $('#signup-error-msg').html(html_encode(err.responseText));
$('#signup-error-msg').fadeIn();
// re-enable 'Create Account' button
$('.signup-btn').prop('disabled', false);