Mercurial > hg > orthanc-webviewer
diff WebApplication/viewer.js @ 302:c0c5b50635e7
fix XSS
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Mon, 21 Feb 2022 15:40:51 +0100 |
| parents | e376158e2dbb |
| children | fb7d62e3235e |
line wrap: on
line diff
--- a/WebApplication/viewer.js Wed Jun 23 09:05:58 2021 +0200 +++ b/WebApplication/viewer.js Mon Feb 21 15:40:51 2022 +0100 @@ -424,10 +424,18 @@ success: function(volume) { if (volume.Slices.length != 0) { instances = volume.Slices; - $('#topright').html(volume.PatientID + '<br/>' + - volume.PatientName + '<br/>' + - volume.StudyDescription + '<br/>' + - volume.SeriesDescription + '<br/>'); + var topRightElement = $('<span>'); + topRightElement.append($('<span>', { text: volume.PatientID})); + topRightElement.append($('<br/>')); + topRightElement.append($('<span>', { text: volume.PatientName})); + topRightElement.append($('<br/>')); + topRightElement.append($('<span>', { text: volume.StudyDescription})); + topRightElement.append($('<br/>')); + topRightElement.append($('<span>', { text: volume.SeriesDescription})); + topRightElement.append($('<br/>')); + + $('#topright').empty(); + $('#topright').append(topRightElement); } }, failure: function() {