Server injects HTML that turns off most security features in a browser #413

New issue

Closed

opened 2025-12-21 16:41:01 +01:00 by backuprepo · 2 comments

backuprepo commented 2025-12-21 16:41:01 +01:00

Owner

Copy link

Originally created by @sparky8251 on GitHub (Feb 12, 2019).

Describe the bug
This bit of code turns off all kinds of safety settings whenever index.html (the top level of the web UI) is loaded.

Expected behavior
Web app should function properly without disabling every security function known to man.

Originally created by @sparky8251 on GitHub (Feb 12, 2019). **Describe the bug** [This bit of code turns off all kinds of safety settings whenever index.html (the top level of the web UI) is loaded](https://github.com/jellyfin/jellyfin/blob/eb4b7051676b7493a57a99a821d5dd38bd9d4919/MediaBrowser.WebDashboard/Api/PackageCreator.cs#L138). **Expected behavior** Web app should function properly without disabling every security function known to man.

backuprepo 2025-12-21 16:41:01 +01:00

• closed this issue
• added the
  bug
  security
  labels

backuprepo commented 2025-12-21 16:41:04 +01:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Jul 29, 2019):

Issues go stale after 60d of inactivity. Mark the issue as fresh by adding a comment or commit. Stale issues close after an additional 7d of inactivity. If this issue is safe to close now please do so. If you have any questions you can reach us on Matrix or Social Media.

@stale[bot] commented on GitHub (Jul 29, 2019): Issues go stale after 60d of inactivity. Mark the issue as fresh by adding a comment or commit. Stale issues close after an additional 7d of inactivity. If this issue is safe to close now please do so. If you have any questions you can reach us on [Matrix or Social Media](https://jellyfin.readthedocs.io/en/latest/getting-help/).

backuprepo commented 2025-12-21 16:41:06 +01:00

Author

Owner

Copy link

@dkanada commented on GitHub (May 2, 2020):

resolved in #2966

@dkanada commented on GitHub (May 2, 2020): resolved in #2966

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/ci-deps

release-10.11.z

renovate/major-swashbuckle-aspnetcore-monorepo

renovate/svg.skia-3.x

explicit-load-v2

explicit-load

renovate/skiasharp-monorepo

only-count-folder-item

openapi-cache

release-10.10.z

release-10.9.z

feature/entity-framework

release-10.8.z

release-10.7.z

EraYaN-add-management-interface

release-10.6.z

release-10.5.z

release-10.4.z

release-10.3.z

release-10.2.z

release-10.1.0

v10.11.6

v10.11.5

v10.11.4

v10.11.3

v10.11.2

v10.11.1

v10.11.0

v10.11.0-rc9

v10.11.0-rc8

v10.11.0-rc7

v10.11.0-rc6

v10.11.0-rc5

v10.11.0-rc4

v10.11.0-rc3

v10.11.0-rc2

v10.11.0-rc1

v10.10.7

v10.10.6

v10.10.5

v10.10.4

v10.10.3

v10.10.2

v10.10.1

v10.10.0

v10.9.11

v10.9.10

v10.9.9

v10.9.8

v10.9.7

v10.9.6

v10.9.5

v10.9.4

v10.9.3

v10.9.2

v10.9.1

v10.9.0

v10.8.13

v10.8.12

v10.8.11

v10.8.10

v10.8.9

v10.8.8

v10.8.7

v10.8.6

v10.8.5

v10.8.4

v10.8.3

v10.8.2

v10.8.1

v10.8.0

v10.8.0-beta3

v10.8.0-beta2

v10.8.0-beta1

v10.8.0-alpha5

v10.8.0-alpha4

v10.8.0-alpha3

v10.8.0-alpha2

v10.8.0-alpha1

v10.7.7

v10.7.6

v10.7.5

v10.7.4

v10.7.3

v10.7.2

v10.7.1

v10.7.0

v10.7.0-rc4

v10.7.0-rc3

v10.7.0-rc2

v10.7.0-rc1

v10.6.4

v10.6.3

v10.6.2

v10.6.1

v10.6.0

v10.5.5

v10.5.4

v10.5.3

v10.5.2

v10.5.1

v10.5.0

v10.4.3

v10.4.2

v10.4.1

v10.4.0

v10.3.7

v10.3.6

v10.3.5

v10.3.4

v10.3.3

v10.3.2

v10.3.1

v10.3.0

v10.3.0-rc2

v10.3.0-rc1

v10.2.2

v10.2.1

v10.2.0

v10.1.0

v10.0.1

v10.0.0

v10.0.2

v3.5.2-5

Labels

Clear labels   

area:database

  

awaiting-feedback

  

backend

  

blocked

  

breaking change: web api

  

bug

  

build

  

ci

  

confirmed

  

discussion needed

  

dotnet future

  

downstream

  

duplicate

  

EFjellyfin.db

  

enhancement

  

feature

  

future

  

github-actions

  

good first issue

  

hdr

  

help wanted

  

invalid

  

investigation

  

librarydb

  

live-tv

  

lyrics

  

media playback

  

music

  

needs testing

  

nuget

  

performance

  

platform

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

regression

  

release critical

  

requires-web

  

roadmap

  

security

  

security

  

stale

  

support

  

syncplay

  

ui & ux

  

upstream

  

wontfix

No labels

area:database

awaiting-feedback

backend

blocked

breaking change: web api

bug

build

ci

confirmed

discussion needed

dotnet future

downstream

duplicate

EFjellyfin.db

enhancement

feature

future

github-actions

good first issue

hdr

help wanted

invalid

investigation

librarydb

live-tv

lyrics

media playback

music

needs testing

nuget

performance

platform

pull-request

question

regression

release critical

requires-web

roadmap

security

security

stale

support

syncplay

ui & ux

upstream

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: starred/jellyfin#413

No description provided.