From b8a7cf214d5e7698a65c090f828205cf6ce3b576 Mon Sep 17 00:00:00 2001
From: Niels van Velzen <git@ndat.nl>
Date: Mon, 20 May 2024 11:27:57 +0200
Subject: [PATCH] Fix chapter name XSS injection in progress bar

---
 src/controllers/playback/video/index.js |  1 -
 src/elements/emby-slider/emby-slider.js | 19 ++-----------------
 2 files changed, 2 insertions(+), 18 deletions(-)

diff --git a/src/controllers/playback/video/index.js b/src/controllers/playback/video/index.js
index 6fa5798f79d..7732537b09d 100644
--- a/src/controllers/playback/video/index.js
+++ b/src/controllers/playback/video/index.js
@@ -1843,7 +1843,6 @@ export default function (view) {
         if (item?.Chapters?.length) {
             item.Chapters.forEach(currentChapter => {
                 markers.push({
-                    className: 'chapterMarker',
                     name: currentChapter.Name,
                     progress: currentChapter.StartPositionTicks / item.RunTimeTicks
                 });
diff --git a/src/elements/emby-slider/emby-slider.js b/src/elements/emby-slider/emby-slider.js
index 2854a9dd09c..512fb5bfe46 100644
--- a/src/elements/emby-slider/emby-slider.js
+++ b/src/elements/emby-slider/emby-slider.js
@@ -203,28 +203,13 @@ function setMarker(range, valueMarker, marker, valueProgress) {
 }
 
 function updateMarkers(range, currentValue) {
-    function getMarkerHtml(markerInfo) {
-        let markerTypeSpecificClasses = '';
-
-        if (markerInfo.className === 'chapterMarker') {
-            markerTypeSpecificClasses = markerInfo.className;
-
-            if (typeof markerInfo.name === 'string' && markerInfo.name.length) {
-                // limit the class length in case the name contains half a novel
-                markerTypeSpecificClasses = `${markerInfo.className} marker-${markerInfo.name.substring(0, 100).toLowerCase().replace(' ', '-')}`;
-            }
-        }
-
-        return `<span class="material-icons sliderMarker ${markerTypeSpecificClasses}" aria-hidden="true"></span>`;
-    }
-
     if (range.getMarkerInfo) {
         range.markerInfo = range.getMarkerInfo();
 
         range.markerContainerElement.innerHTML = '';
 
-        range.markerInfo.forEach(info => {
-            range.markerContainerElement.insertAdjacentHTML('beforeend', getMarkerHtml(info));
+        range.markerInfo.forEach(() => {
+            range.markerContainerElement.insertAdjacentHTML('beforeend', '<span class="sliderMarker" aria-hidden="true"></span>');
         });
 
         range.markerElements = range.markerContainerElement.querySelectorAll('.sliderMarker');