Update book/podcast scanner to sanitize description pulled from metadata

server/scanner/BookScanner.js

@@ -7,6 +7,7 @@ const parseNameString = require('../utils/parsers/parseNameString')
 const parseEbookMetadata = require('../utils/parsers/parseEbookMetadata')
 const globals = require('../utils/globals')
 const { readTextFile, filePathToPOSIX, getFileTimestampsWithIno } = require('../utils/fileUtils')
+const htmlSanitizer = require('../utils/htmlSanitizer')
 
 const AudioFileScanner = require('./AudioFileScanner')
 const Database = require('../Database')
@@ -688,6 +689,10 @@ class BookScanner {
 
     bookMetadata.titleIgnorePrefix = getTitleIgnorePrefix(bookMetadata.title)
 
+    if (typeof bookMetadata.description === 'string' && bookMetadata.description) {
+      bookMetadata.description = htmlSanitizer.sanitize(bookMetadata.description)
+    }
+
     return bookMetadata
   }
 

server/scanner/PodcastScanner.js

@@ -11,6 +11,7 @@ const LibraryFile = require('../objects/files/LibraryFile')
 const fsExtra = require('../libs/fsExtra')
 const PodcastEpisode = require('../models/PodcastEpisode')
 const AbsMetadataFileScanner = require('./AbsMetadataFileScanner')
+const htmlSanitizer = require('../utils/htmlSanitizer')
 
 /**
  * Metadata for podcasts pulled from files
@@ -398,6 +399,10 @@ class PodcastScanner {
 
     podcastMetadata.titleIgnorePrefix = getTitleIgnorePrefix(podcastMetadata.title)
 
+    if (typeof podcastMetadata.description === 'string' && podcastMetadata.description) {
+      podcastMetadata.description = htmlSanitizer.sanitize(podcastMetadata.description)
+    }
+
     return podcastMetadata
   }