`coverPhotoStyle` need to be encoded

diff --git a/ts/WoltLabSuite/Core/Component/User/CoverPhoto.ts b/ts/WoltLabSuite/Core/Component/User/CoverPhoto.ts
index b591014115b12e57fcb3cc2f79e854e87dd52739..44e7782b2e1e34f4154b83754c08aa06d37c616c 100644 (file)
--- a/ts/WoltLabSuite/Core/Component/User/CoverPhoto.ts
+++ b/ts/WoltLabSuite/Core/Component/User/CoverPhoto.ts
@@ -18,7 +18,7 @@ import WoltlabCoreFile from "WoltLabSuite/Core/Component/File/woltlab-core-file"
 import { fire as fireEvent } from "WoltLabSuite/Core/Event/Handler";
 import { getPhrase } from "WoltLabSuite/Core/Language";
 import DomUtil from "WoltLabSuite/Core/Dom/Util";
-import { unescapeHTML } from "WoltLabSuite/Core/StringUtil";
+import { escapeHTML } from "WoltLabSuite/Core/StringUtil";
 
 type ResponseGetForm = {
   dialog: string;
@@ -36,7 +36,7 @@ async function editCoverPhoto(button: HTMLElement): Promise<void> {
 
   dialog.addEventListener("afterClose", () => {
     const file = dialog.querySelector<WoltlabCoreFile>("woltlab-core-file");
-    const coverPhotoUrl = unescapeHTML(file?.link ?? defaultCoverPhoto ?? "");
+    const coverPhotoUrl = file?.link ?? defaultCoverPhoto ?? "";
     const coverPhotoStyle = `url("${coverPhotoUrl}")`;
 
     if (FormBuilderManager.hasForm(json.formId)) {
@@ -49,13 +49,13 @@ async function editCoverPhoto(button: HTMLElement): Promise<void> {
     }
 
     if (coverPhotoElement && coverPhotoUrl) {
-      coverPhotoElement.style.setProperty("background-image", coverPhotoStyle, "");
+      coverPhotoElement.style.backgroundImage = coverPhotoStyle;
     } else {
       // ACP cover photo management
       if (!coverPhotoElement && coverPhotoUrl) {
         coverPhotoNotice!.parentElement!.appendChild(
           DomUtil.createFragmentFromHtml(
-            `<div id="coverPhotoPreview" style="background-image: ${coverPhotoStyle};"></div>`,
+            `<div id="coverPhotoPreview" style="background-image: ${escapeHTML(coverPhotoStyle)};"></div>`,
           ),
         );
         coverPhotoNotice!.remove();

diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/User/CoverPhoto.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/User/CoverPhoto.js
index 87ae89e16fd71daea3fa22a98f84b335ae10c1af..a1ab2456da76400c34839247bf27667806b09dc5 100644 (file)
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/User/CoverPhoto.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/User/CoverPhoto.js
@@ -22,7 +22,7 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Helper/PromiseMutex",
         const oldCoverPhoto = coverPhotoElement?.style.backgroundImage;
         dialog.addEventListener("afterClose", () => {
             const file = dialog.querySelector("woltlab-core-file");
-            const coverPhotoUrl = (0, StringUtil_1.unescapeHTML)(file?.link ?? defaultCoverPhoto ?? "");
+            const coverPhotoUrl = file?.link ?? defaultCoverPhoto ?? "";
             const coverPhotoStyle = `url("${coverPhotoUrl}")`;
             if (FormBuilderManager.hasForm(json.formId)) {
                 FormBuilderManager.unregisterForm(json.formId);
@@ -32,12 +32,12 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Helper/PromiseMutex",
                 return;
             }
             if (coverPhotoElement && coverPhotoUrl) {
-                coverPhotoElement.style.setProperty("background-image", coverPhotoStyle, "");
+                coverPhotoElement.style.backgroundImage = coverPhotoStyle;
             }
             else {
                 // ACP cover photo management
                 if (!coverPhotoElement && coverPhotoUrl) {
-                    coverPhotoNotice.parentElement.appendChild(Util_1.default.createFragmentFromHtml(`<div id="coverPhotoPreview" style="background-image: ${coverPhotoStyle};"></div>`));
+                    coverPhotoNotice.parentElement.appendChild(Util_1.default.createFragmentFromHtml(`<div id="coverPhotoPreview" style="background-image: ${(0, StringUtil_1.escapeHTML)(coverPhotoStyle)};"></div>`));
                     coverPhotoNotice.remove();
                 }
                 else if (coverPhotoElement && !coverPhotoUrl) {