diff --git a/web_interface/static/v3/plugins_manager.js b/web_interface/static/v3/plugins_manager.js
index f6a43057..b3fb8237 100644
--- a/web_interface/static/v3/plugins_manager.js
+++ b/web_interface/static/v3/plugins_manager.js
@@ -3079,12 +3079,16 @@ function generateFieldHtml(key, prop, value, prefix = '') {
 html += `
`;
 Object.keys(itemProperties || {}).forEach(propKey => {
 const propSchema = itemProperties[propKey];
+ const propValue = item[propKey] !== undefined ? item[propKey] : propSchema.default;
 const propLabel = propSchema.title || propKey.replace(/_/g, ' ').replace(/\b\w/g, l => l.toUpperCase());
 html += `
`;
 if (propSchema.type === 'boolean') {
- html += ``;
+ const checked = propValue ? 'checked' : '';
+ html += ``;
 } else {
- html += ``;
+ // Escape HTML to prevent XSS
+ const escapedValue = typeof propValue === 'string' ? propValue.replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"').replace(/'/g, ''') : (propValue || '');
+ html += ``;
 }
 html += `
`;
 });
@@ -6471,15 +6475,21 @@ if (typeof window !== 'undefined') {
 itemHtml = window.renderArrayObjectItem(fieldId, fullKey, itemsSchema.properties, {}, newIndex, itemsSchema);
 } else {
 // Fallback: create basic HTML structure
+ // Note: newItem is {} for newly added items, so this will use schema defaults
+ const newItem = {};
 itemHtml = `
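Review bot: The escaping in the `else` branch of `generateFieldHtml` only runs when `propValue` is a string; every other non-nullish value falls through `(propValue || '')` and is interpolated into the markup raw, so an array or object default from the schema is stringified and inserted unescaped, and a numeric default of `0` (or `false`) is silently rendered as an empty field. Coerce first and escape always, through one module-level helper, rather than the inline `.replace` chain, which the second hunk at `@@ -6471,15` duplicates verbatim for `itemHtml`; both call sites should become `const escapedValue = escapeHtml(propValue);`. As rendered on this page the replacement literals appear entity-decoded (`'&'`, `'"'`) and one pattern shows as `//g`, which I take to be a display artifact of the page, but it is worth confirming the committed strings are `&amp;`, `&lt;`, `&gt;`, `&quot;` and `&#39;`, since a replacement of `&` with `&` would be a no-op. The other values interpolated into the same templates (`propKey`, `propLabel` derived from `propSchema.title`, and the field id) are not visible here; if any of them come from a plugin-supplied schema they need the same treatment. The enclosing loop body and `item` binding start outside this hunk.
```javascript
// Module level: the one escaping routine for every value interpolated into markup.
// Coerces first so numbers, booleans, arrays and objects are escaped too, and
// renders null/undefined as an empty string.
function escapeHtml(value) {
  return String(value == null ? '' : value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// … unchanged: boolean branch …
} else {
  const escapedValue = escapeHtml(propValue);
  // … unchanged: html += `…` input markup using escapedValue …
}
```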
`;
 Object.keys(itemsSchema.properties || {}).forEach(propKey => {
 const propSchema = itemsSchema.properties[propKey];
+ const propValue = newItem[propKey] !== undefined ? newItem[propKey] : propSchema.default;
 const propLabel = propSchema.title || propKey.replace(/_/g, ' ').replace(/\b\w/g, l => l.toUpperCase());
 itemHtml += `
`;
 if (propSchema.type === 'boolean') {
- itemHtml += ``;
+ const checked = propValue ? 'checked' : '';
+ itemHtml += ``;
 } else {
- itemHtml += ``;
+ // Escape HTML to prevent XSS
+ const escapedValue = typeof propValue === 'string' ? propValue.replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"').replace(/'/g, ''') : (propValue || '');
+ itemHtml += ``;
 }
 itemHtml += `
`;
 });
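Review bot: In the fallback branch, `newItem` is a literal `{}` that is never populated, so `newItem[propKey] !== undefined` can never be true and `propValue` is always `propSchema.default`; the added comment acknowledges this. The indirection reads as if item data might be threaded through, which it is not, so either drop `newItem` and write `const propValue = propSchema.default;`, or, if real item data is meant to reach this path later, take it as a parameter of the enclosing function rather than a local literal. The fallback also re-implements the per-property rendering that the `renderArrayObjectItem` path above it already performs, so any future fix to escaping or defaults has to be made twice; a shared per-property renderer used by both paths would remove that. The `if (typeof window !== 'undefined')` block this hunk sits in starts outside the hunk.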