
remove unused imports, sanitization, and validation of input

Nariman Jelveh 1 年之前
父节点
当前提交
548e975cac

+ 1 - 1
src/UI/Settings/UITabAbout.js

@@ -96,7 +96,7 @@ export default {
         puter.os.version()
         .then(res => {
             const deployed_date = new Date(res.deploy_timestamp).toLocaleString();
-            $el_window.find('.version').html(`Version: ${res.version} • Server: ${res.location} • Deployed: ${deployed_date}`);
+            $el_window.find('.version').html(`Version: ${html_encode(res.version)} • Server: ${html_encode(res.location)} • Deployed: ${deployed_date}`);
         })
         .catch(error => {
             console.error("Failed to fetch server info:", error);
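Review bot: `deployed_date` is still interpolated into `.html()` unencoded on the changed line, although the matching line in src/UI/UIWindowLogin.js in this same commit wraps it in `html_encode`. The output of `toLocaleString()` is unlikely to carry markup, but the two call sites should agree so a later reader does not have to reason about which values are safe; use `${html_encode(deployed_date)}` here as well. Because this template uses a literal `•` rather than an HTML entity, switching the call to `.text(...)` would remove the need for per-value encoding altogether. The `.then`/`.catch` chain starts and ends outside the hunk.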

+ 0 - 1
src/UI/Settings/UITabClock.js

@@ -16,7 +16,6 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
 
 // About
 export default {

+ 0 - 1
src/UI/Settings/UITabLanguage.js

@@ -16,7 +16,6 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
 import changeLanguage from '../../i18n/i18nChangeLanguage.js';
 
 // About

+ 1 - 1
src/UI/Settings/UIWindowFinalizeUserDeletion.js

@@ -139,7 +139,7 @@ async function UIWindowFinalizeUserDeletion(options){
                         logout();
                     }
                     else{
-                        $(el_window).find('.error-message').html(data.error);
+                        $(el_window).find('.error-message').html(html_encode(data.error));
                         $(el_window).find('.error-message').show();
 
                     }
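Review bot: Where the whole argument is one untrusted string, as in `.html(html_encode(data.error))` here, `.text(data.error)` is the safer form, because the sink itself no longer interprets markup and nothing depends on each call site remembering to encode. The same applies to the `err.responseText` handlers in UIWindowChangePassword.js, UIWindowNewPassword.js, UIWindowRecoverPassword.js, UIWindowSaveAccount.js, UIWindowLogin.js and initgui.js, and to the `.copy-from` / `.move-from` updates in helpers.js. If `.html()` is kept, a short comment such as `// server-supplied text: encode before inserting as HTML` would record why the wrapper must stay. The enclosing function starts and ends outside the hunk.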

+ 0 - 7
src/UI/Settings/UIWindowSettings.js

@@ -18,19 +18,12 @@
  */
 
 import UIWindow from '../UIWindow.js'
-import UIWindowChangePassword from '../UIWindowChangePassword.js'
-import UIWindowChangeEmail from './UIWindowChangeEmail.js'
-import UIWindowChangeUsername from '../UIWindowChangeUsername.js'
-import changeLanguage from "../../i18n/i18nChangeLanguage.js"
-import UIWindowConfirmUserDeletion from './UIWindowConfirmUserDeletion.js';
 import AboutTab from './UITabAbout.js';
 import UsageTab from './UITabUsage.js';
 import AccountTab from './UITabAccount.js';
 import PersonalizationTab from './UITabPersonalization.js';
 import LanguageTab from './UITabLanguage.js';
 import ClockTab from './UITabClock.js';
-import UIWindowThemeDialog from '../UIWindowThemeDialog.js';
-import UIWindowManageSessions from '../UIWindowManageSessions.js';
 
 async function UIWindowSettings(options){
     return new Promise(async (resolve) => {

+ 1 - 1
src/UI/UIWindowChangePassword.js

@@ -131,7 +131,7 @@ async function UIWindowChangePassword(options){
                 $(el_window).find('input').val('');
             },
             error: function (err){
-                $(el_window).find('.form-error-msg').html(err.responseText);
+                $(el_window).find('.form-error-msg').html(html_encode(err.responseText));
                 $(el_window).find('.form-error-msg').fadeIn();
             }
         });	

+ 1 - 1
src/UI/UIWindowEmailConfirmationRequired.js

@@ -140,7 +140,7 @@ function UIWindowEmailConfirmationRequired(options){
                         }
                     },
                     error: function(res){
-                        $(el_window).find('.error').html(res.responseJSON.error);
+                        $(el_window).find('.error').html(html_encode(res.responseJSON.error));
                         $(el_window).find('.error').fadeIn();
                         $(el_window).find('.digit-input').val('');
                         $(el_window).find('.digit-input').first().focus();
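Review bot: `res.responseJSON.error` on the changed line is dereferenced without a guard, and jQuery only sets `responseJSON` when the response body parsed as JSON. On a network failure or a non-JSON error page, the handler would throw before the message is shown and before the digit inputs are reset below. A fallback keeps the handler working, for example `const msg = (res.responseJSON && res.responseJSON.error) || res.responseText || '';` followed by `.text(msg)`. The `error` callback's enclosing request starts outside the hunk.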

+ 3 - 3
src/UI/UIWindowLogin.js

@@ -75,7 +75,7 @@ async function UIWindowLogin(options){
         puter.os.version()
         .then(res => {
             const deployed_date = new Date(res.deploy_timestamp).toLocaleString();
-            $("#version-placeholder").html(`Version: ${res.version} &bull; Server: ${res.location} &bull; Deployed: ${deployed_date}`);
+            $("#version-placeholder").html(`Version: ${html_encode(res.version)} &bull; Server: ${html_encode(res.location)} &bull; Deployed: ${html_encode(deployed_date)}`);
         })
         .catch(() => {
             $("#version-placeholder").html("Failed to load version or server information.");
@@ -179,7 +179,7 @@ async function UIWindowLogin(options){
                         // Don't include the whole 404 page
                         $errorMessage.html(`Error 404: "${gui_origin}/login" not found`);
                     } else if (err.responseText) {
-                        $errorMessage.html(err.responseText);
+                        $errorMessage.html(html_encode(err.responseText));
                     } else {
                         // No message was returned. *Probably* this means we couldn't reach the server.
                         // If this is a self-hosted instance, it's probably a configuration issue.
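Review bot: The 404 branch on the context line just above the change still interpolates `gui_origin` into `$errorMessage.html(...)` without encoding, so this error handler is only partly covered by the commit. Where `gui_origin` is assigned is not visible in this hunk; if it comes from configuration or from the page URL, it should be wrapped as `html_encode(gui_origin)` like the other values. The `if`/`else` chain begins and continues outside the hunk.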
@@ -195,7 +195,7 @@ async function UIWindowLogin(options){
                                 </ul>
                             </div>`);
                         } else {
-                            $errorMessage.html(`Failed to log in: Error ${err.status}`);
+                            $errorMessage.html(`Failed to log in: Error ${html_encode(err.status)}`);
                         }
                     }
                     $(el_window).find('.login-error-msg').fadeIn();
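Review bot: `html_encode(err.status)` on the changed line passes a number, since a jqXHR `status` is numeric, where every other call in this commit passes a string. The definition of `html_encode` is not on this page; if it calls string methods on its argument without coercing first, this branch would throw inside the error handler and hide the failure message. `html_encode(String(err.status))` makes the intent explicit, or a one-line comment at the helper could state that non-string input is accepted. The template literal closed on the first context lines of this hunk opens outside it.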

+ 1 - 1
src/UI/UIWindowNewPassword.js

@@ -139,7 +139,7 @@ async function UIWindowNewPassword(options){
                     });
                 },
                 error: function (err){
-                    $(el_window).find('.form-error-msg').html(err.responseText);
+                    $(el_window).find('.form-error-msg').html(html_encode(err.responseText));
                     $(el_window).find('.form-error-msg').fadeIn();
                 }
             });	

+ 1 - 1
src/UI/UIWindowRecoverPassword.js

@@ -115,7 +115,7 @@ function UIWindowRecoverPassword(options){
                     })           
                 },
                 error: function (err){
-                    $(el_window).find('.error').html(err.responseText);
+                    $(el_window).find('.error').html(html_encode(err.responseText));
                     $(el_window).find('.error').fadeIn();
                 },
                 complete: function(){

+ 1 - 1
src/UI/UIWindowSaveAccount.js

@@ -160,7 +160,7 @@ async function UIWindowSaveAccount(options){
                     })
                 },
                 error: function (err){
-                    $(el_window).find('.signup-error-msg').html(err.responseText);
+                    $(el_window).find('.signup-error-msg').html(html_encode(err.responseText));
                     $(el_window).find('.signup-error-msg').fadeIn();
                     // re-enable 'Create Account' button
                     $(el_window).find('.signup-btn').prop('disabled', false);

+ 3 - 3
src/helpers.js

@@ -1264,7 +1264,7 @@ window.copy_clipboard_items = async function(dest_path, dest_container_element){
             let copy_path = clipboard[i].path;
             let item_with_same_name_already_exists = true;
             let overwrite = overwrite_all;
-            $(progwin).find('.copy-from').html(copy_path);
+            $(progwin).find('.copy-from').html(html_encode(copy_path));
             do{
                 if(overwrite)
                     item_with_same_name_already_exists = false;
@@ -1368,7 +1368,7 @@ window.copy_items = function(el_items, dest_path){
             let copy_path = $(el_items[i]).attr('data-path');
             let item_with_same_name_already_exists = true;
             let overwrite = overwrite_all;
-            $(progwin).find('.copy-from').html(copy_path);
+            $(progwin).find('.copy-from').html(html_encode(copy_path));
 
             do{
                 if(overwrite)
@@ -2210,7 +2210,7 @@ window.move_items = async function(el_items, dest_path, is_undo = false){
                 // --------------------------------------------------------
                 // update progress window with current item being moved
                 // --------------------------------------------------------
-                $(progwin).find('.move-from').html(path_to_show_on_progwin);
+                $(progwin).find('.move-from').html(html_encode(path_to_show_on_progwin));
 
                 // execute move
                 let resp = await puter.fs.move({

+ 1 - 1
src/helpers/refresh_item_container.js

@@ -244,7 +244,7 @@ const refresh_item_container = function(el_item_container, options){
         $(empty_message).hide();
 
         // show error message
-        $(error_message).html('Failed to load directory' + (e && e.message ? ': ' + e.message : ''));
+        $(error_message).html('Failed to load directory' + html_encode((e && e.message ? ': ' + e.message : '')));
         $(error_message).show();
     });
 }    

+ 1 - 1
src/initgui.js

@@ -711,7 +711,7 @@ window.initgui = async function(){
                 document.dispatchEvent(new Event("login", { bubbles: true})); 
             },
             error: function (err){
-                $('#signup-error-msg').html(err.responseText);
+                $('#signup-error-msg').html(html_encode(err.responseText));
                 $('#signup-error-msg').fadeIn();
                 // re-enable 'Create Account' button
                 $('.signup-btn').prop('disabled', false);