From 034b0b46455447e0433767d5e493fe9a2296b184 Mon Sep 17 00:00:00 2001
From: milan
Date: Mon, 11 Nov 2024 16:32:54 +0100
Subject: [PATCH] Only inline svg within WebserverRoot and containing bi- -- we use bi- to mark images that should behave like bootstrap font images
---
 api/js/etemplate/Et2Image/Et2Image.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/js/etemplate/Et2Image/Et2Image.ts b/api/js/etemplate/Et2Image/Et2Image.ts
index 542dcf9825..602acc6f33 100644
--- a/api/js/etemplate/Et2Image/Et2Image.ts
+++ b/api/js/etemplate/Et2Image/Et2Image.ts
@@ -185,8 +185,8 @@ export class Et2Image extends Et2Widget(LitElement) implements et2_IDetachedDOM
 // our own svg images
 //only call unsafeHtml when we are inside /egroupware/
- const ourSvg = url.match(/\/egroupware\/([^.]+)\.svg/);
- if (ourSvg)
+ const ourSvg = url.startsWith(this.egw().webserverUrl + '/') //checks if source is trusted
+ if (ourSvg && url.match(/\/bi-.*\.svg/))
 {
 const svg = fetch(url)
 .then(res => res.text()
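Review bot: Both new conditions test the raw `url` string, so they do not yet establish that the SVG comes from the application's own tree before it is inlined. `startsWith(this.egw().webserverUrl + '/')` is a textual prefix test on an unnormalised value, which dot segments can satisfy and which degrades to "any leading `/`" should `webserverUrl` ever be empty. The pattern `/\/bi-.*\.svg/` is unanchored, so it also matches inside a query string or fragment and across path separators. I would resolve the URL first and compare origin and normalised pathname, as sketched below (assuming `bi-` is meant to prefix the file name). A comment should also state that the `bi-` prefix is a naming convention rather than a trust decision, since any user-writable content served under the web root would pass on its name alone. The enclosing method starts and ends outside the hunk, so whether the fetched text is sanitised before the unsafeHtml call cannot be seen here.

```typescript
// Resolve against the page so dot segments, query and fragment cannot satisfy the checks
const target = new URL(url, window.location.href);
const root = new URL(this.egw().webserverUrl + '/', window.location.href);
// Same origin AND below the install path; a string prefix alone proves neither
const ourSvg = target.origin === root.origin && target.pathname.startsWith(root.pathname);
if (ourSvg && /\/bi-[^\/]*\.svg$/.test(target.pathname))
{
	// … unchanged: fetch(url) and inlining of the response …
```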