
网络安全漏洞修复 #618

Open
yang870516 opened this issue Nov 6, 2023 · 0 comments


@yang870516

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch viewerjs@1.5.0 for the project I'm working on.

Here is the diff that solved my problem:

diff --git a/node_modules/viewerjs/dist/viewer.common.js b/node_modules/viewerjs/dist/viewer.common.js
index b554bd3..678512a 100644
--- a/node_modules/viewerjs/dist/viewer.common.js
+++ b/node_modules/viewerjs/dist/viewer.common.js
@@ -1033,7 +1033,8 @@ var render = {
         list = this.list;
     var items = []; // initList may be called in this.update, so should keep idempotent
 
-    list.innerHTML = '';
+    //网络安全漏洞修改 20231106 yangxl
+		(list.textContent != undefined ) ? (list.textContent = "") : (list.innerText = "");
     forEach(this.images, function (image, index) {
       var src = image.src;
       var alt = image.alt || getImageNameFromURL(src);
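Review bot: Replacing `list.innerHTML = ''` with `(list.textContent != undefined ) ? (list.textContent = "") : (list.innerText = "")` does not close an injection path, because the value assigned is a constant empty string either way; the change only satisfies a scanner that flags the property name. If the clear is kept, the plain statement `list.textContent = '';` is easier to read than a ternary used for its side effects, and the `innerText` branch looks unreachable on engines that implement `textContent`. The added line is indented with tabs in a space-indented file, and the comment would help more if it named the finding, e.g. `// clear children without innerHTML (static-analysis finding)`. The same applies to the clears in resetList, the canvas and title clears in the `@@ -1902` hunk, the player clear in `@@ -2335` and the reset in `@@ -2572`.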
@@ -1101,7 +1102,8 @@ var render = {
   },
   resetList: function resetList() {
     var list = this.list;
-    list.innerHTML = '';
+    //网络安全漏洞修改 20231106 yangxl
+    (list.textContent != undefined ) ? (list.textContent = "") : (list.innerText = "");
     removeClass(list, CLASS_TRANSITION);
     setStyle(list, getTransforms({
       translateX: 0
@@ -1902,18 +1904,22 @@ var methods = {
       addClass(canvas, CLASS_LOADING);
     }
 
-    canvas.innerHTML = '';
+	//网络安全漏洞修改 20231106 yangxl
+	(canvas.textContent != undefined ) ? (canvas.textContent = "") : (canvas.innerText = "");
     canvas.appendChild(image); // Center current item
 
     this.renderList(); // Clear title
+    //网络安全漏洞修改 20231106 yangxl
+    (title.textContent != undefined ) ? (title.textContent = "") : (title.innerText = "");// Generate title after viewed
     
-    title.innerHTML = ''; // Generate title after viewed
 	
     var onViewed = function onViewed() {
       var imageData = _this.imageData;
       var render = Array.isArray(options.title) ? options.title[1] : options.title;
-      title.innerHTML = escapeHTMLEntities(isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")"));
-    };
+      let _textVal = escapeHTMLEntities(isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")"));
+      //网络安全漏洞修改 20231106 yangxl
+	  (title.textContent != undefined ) ?(title.textContent = _textVal):(title.innerText = _textVal);// Generate title after viewed
+	};
 
     var onLoad;
     addListener(element, EVENT_VIEWED, onViewed, {
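Review bot: `title.textContent = _textVal` still receives the output of `escapeHTMLEntities(...)`, so a title containing `&`, `<` or `"` will presumably be displayed with literal entity text such as `&amp;`, since textContent does not parse markup. Use the escape with an HTML sink or the raw string with a text sink, not both: `var text = isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")");` followed by `title.textContent = text;`. The `let` declaration is also the only block-scoped one visible in this otherwise `var`-only dist file and may fail in older engines that load the bundle untranspiled; `var` keeps it consistent. The enclosing method starts before this hunk and continues past it.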
@@ -2335,7 +2341,8 @@ var methods = {
       removeListener(image, EVENT_LOAD, _this4.onLoadWhenPlay);
     });
     removeClass(player, CLASS_SHOW);
-    player.innerHTML = '';
+    //网络安全漏洞修复 20231106 yangxl
+	(player.textContent != undefined ) ?(player.textContent = ""):(player.innerText = "");
     this.exitFullscreen();
     return this;
   },
@@ -2572,8 +2579,9 @@ var methods = {
           this.viewed = false;
           this.index = 0;
           this.imageData = {};
-          this.canvas.innerHTML = '';
-          this.title.innerHTML = '';
+          //网络安全漏洞修复 20231106 yangxl
+		  (this.canvas.textContent != undefined ) ? (this.canvas.textContent = "") : (this.canvas.innerText = "");
+		  (this.title.textContent != undefined ) ? (this.title.textContent = "") : (this.title.innerText = "");
         }
       }
     } else {
@@ -2927,7 +2935,8 @@ function () {
           options = this.options;
       var parent = element.parentNode;
       var template = document.createElement('div');
-      template.innerHTML = TEMPLATE;
+      //网络安全漏洞修复 20231106 yangxl
+	  (template.textContent != undefined ) ? (template.textContent = TEMPLATE) : (template.innerText = TEMPLATE);
       var viewer = template.querySelector(".".concat(NAMESPACE, "-container"));
       var title = viewer.querySelector(".".concat(NAMESPACE, "-title"));
       var toolbar = viewer.querySelector(".".concat(NAMESPACE, "-toolbar"));
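Review bot: `template.textContent = TEMPLATE` inserts the markup as a single text node, so `template.querySelector(...)` on the next line returns null and `viewer.querySelector(...)` throws; the viewer can no longer be built. TEMPLATE appears to be a constant shipped with the library rather than user input (its definition is outside this hunk), in which case `template.innerHTML = TEMPLATE;` is not an injection sink and should be restored with a comment such as `// TEMPLATE is a static string from this module, never user data`. If policy forbids innerHTML outright, the structure has to be created with `document.createElement`/`appendChild` or parsed through `DOMParser`, not assigned as text. The enclosing function starts and ends outside the hunk.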
diff --git a/node_modules/viewerjs/src/.DS_Store b/node_modules/viewerjs/src/.DS_Store
deleted file mode 100644
index c31585c..0000000
Binary files a/node_modules/viewerjs/src/.DS_Store and /dev/null differ

This issue body was partially generated by patch-package.
