mirror of
https://github.com/leoherzog/TorrentParts.git
synced 2026-01-24 04:08:04 -08:00
Fix XSS Vulnerability and Null Reference Errors
This commit is contained in:
Leo Herzog
24
src/parse.js
24
src/parse.js
@@ -114,15 +114,16 @@ function start() {
|
|||||||
|
|
||||||
document.addEventListener('drop', function (event) {
|
document.addEventListener('drop', function (event) {
|
||||||
event.preventDefault();
|
event.preventDefault();
|
||||||
event.dataTransfer.items[0]
|
if (event.dataTransfer.items.length === 0) return;
|
||||||
.getAsFile()
|
if (event.dataTransfer.items[0].kind !== 'file') return;
|
||||||
.arrayBuffer()
|
const file = event.dataTransfer.items[0].getAsFile();
|
||||||
.then(function (arrayBuffer) {
|
if (!file) return;
|
||||||
source = 'torrent-file';
|
file.arrayBuffer().then(function (arrayBuffer) {
|
||||||
originalSourceIcon.innerHTML = '<span class="fad fa-file-alt fa-fw"></span>';
|
source = 'torrent-file';
|
||||||
sourceTooltip.setContent('Currently loaded information sourced from Torrent file');
|
originalSourceIcon.innerHTML = '<span class="fad fa-file-alt fa-fw"></span>';
|
||||||
parse(Buffer.from(arrayBuffer));
|
sourceTooltip.setContent('Currently loaded information sourced from Torrent file');
|
||||||
});
|
parse(Buffer.from(arrayBuffer));
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// example buttons
|
// example buttons
|
||||||
@@ -372,7 +373,7 @@ function createFileRow(icon, name, size) {
|
|||||||
if (icon) iconcell.innerHTML = '<span class="far fa-' + icon + '"></span>';
|
if (icon) iconcell.innerHTML = '<span class="far fa-' + icon + '"></span>';
|
||||||
row.appendChild(iconcell);
|
row.appendChild(iconcell);
|
||||||
let namecell = document.createElement('td');
|
let namecell = document.createElement('td');
|
||||||
namecell.innerHTML = name;
|
namecell.textContent = name;
|
||||||
row.appendChild(namecell);
|
row.appendChild(namecell);
|
||||||
let totalcell = document.createElement('td');
|
let totalcell = document.createElement('td');
|
||||||
totalcell.innerHTML = bytes.format(size, { decimalPlaces: 1, unitSeparator: ' ' });
|
totalcell.innerHTML = bytes.format(size, { decimalPlaces: 1, unitSeparator: ' ' });
|
||||||
@@ -458,7 +459,7 @@ async function addCurrentTrackers() {
|
|||||||
try {
|
try {
|
||||||
let response = await fetch('https://newtrackon.com/api/stable'); // get trackers with 95% uptime
|
let response = await fetch('https://newtrackon.com/api/stable'); // get trackers with 95% uptime
|
||||||
let trackers = await response.text();
|
let trackers = await response.text();
|
||||||
parsed.announce = parsed.announce.concat(trackers.split('\n\n'));
|
parsed.announce = (parsed.announce || []).concat(trackers.split('\n\n'));
|
||||||
parsed.announce.push('http://bt1.archive.org:6969/announce');
|
parsed.announce.push('http://bt1.archive.org:6969/announce');
|
||||||
parsed.announce.push('http://bt2.archive.org:6969/announce');
|
parsed.announce.push('http://bt2.archive.org:6969/announce');
|
||||||
parsed.announce = parsed.announce.filter((v, i) => v && parsed.announce.indexOf(v) === i); // remove duplicates and empties
|
parsed.announce = parsed.announce.filter((v, i) => v && parsed.announce.indexOf(v) === i); // remove duplicates and empties
|
||||||
@@ -504,6 +505,7 @@ function updateModified() {
|
|||||||
function getFilesFromPeers() {
|
function getFilesFromPeers() {
|
||||||
console.info('Attempting fetching files from Webtorrent...');
|
console.info('Attempting fetching files from Webtorrent...');
|
||||||
getFiles.style.display = 'none';
|
getFiles.style.display = 'none';
|
||||||
|
parsed.announce = parsed.announce || [];
|
||||||
parsed.announce.push('wss://tracker.webtorrent.io');
|
parsed.announce.push('wss://tracker.webtorrent.io');
|
||||||
parsed.announce.push('wss://tracker.openwebtorrent.com');
|
parsed.announce.push('wss://tracker.openwebtorrent.com');
|
||||||
parsed.announce.push('wss://tracker.btorrent.xyz');
|
parsed.announce.push('wss://tracker.btorrent.xyz');
|
||||||
|
|||||||
Reference in New Issue
Block a user