mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-18 09:22:31 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update util.js

Browse source 
Signed-off-by: Zeroday BYTE <github@zerodaysec.org>
This commit is contained in:
Zeroday BYTE 2025-07-29 21:59:35 +07:00 committed by GitHub
parent 4915b14be1
commit 8656952d0f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
copyparty/web/util.js
View file

@ -2001,9 +2001,9 @@ function load_md_plug(md_text, plug_type, defer) {
var old_plug = md_plug[plug_type];
if (!old_plug || old_plug[1] != js) {
js = 'const loc = new URL("' + location.href + '"), x = { ' + js + ' }; x;';
// Use Function constructor to avoid code injection via location.href
try {
var x = eval(js);
var x = (new Function('loc', 'return { ' + js + ' };'))(new URL(location.href));
if (x['ctor']) {
x['ctor']();
delete x['ctor'];