Fix the gallery block console errors, occure due to rtmedia plugin (#1530)

KMchaudhary · KMchaudhary · web-flow · commit 3a85868c2cf2 · 2026-01-19T21:25:14.000+05:30
* Fix the gallery block console errors, occure due to rtmedia plugin

* Fix github advance security issue: DOM text reinterpreted as HTML

---------

Co-authored-by: KMchaudhary &lt;kuldipkumar.chaudhary@rtcamp.com&gt;
diff --git a/assets/src/js/godam-player/engagement.js b/assets/src/js/godam-player/engagement.js
@@ -1166,18 +1166,35 @@ function CommentBox( props ) {
 
 	useEffect( () => {
 		const currentVideoParent = document.getElementById( videoFigureId );
+
+		if ( ! currentVideoParent ) {
+			return;
+		}
+
 		const currentVideo = currentVideoParent.querySelector( '.godam-video-wrapper' );
+
+		if ( ! currentVideo ) {
+			return;
+		}
+
+		const videoContainer = videoContainerRef.current;
+
+		if ( ! videoContainer ) {
+			return;
+		}
+
 		const currentVideoClass = currentVideoParent.className;
 		const currentVideoStyles = currentVideoParent.getAttribute( 'style' );
 
-		const videoContainer = videoContainerRef.current;
 		videoContainer.className = currentVideoClass;
 		videoContainer.style = currentVideoStyles;
 		videoContainer.appendChild( currentVideo );
 		document.body.classList.add( 'no-scroll' );
 
 		return () => {
-			currentVideoParent.insertBefore( currentVideo, currentVideoParent.firstChild );
+			if ( currentVideoParent && currentVideo ) {
+				currentVideoParent.insertBefore( currentVideo, currentVideoParent.firstChild );
+			}
 			document.body.classList.remove( 'no-scroll' );
 
 			// Godam gallery cleanup if needed
diff --git a/assets/src/js/ninja-forms/ninja-forms-submissions-list.js b/assets/src/js/ninja-forms/ninja-forms-submissions-list.js
@@ -15,16 +15,28 @@ document.addEventListener( 'DOMContentLoaded', () => {
 			const text = cell.textContent.trim();
 
 			if ( ( text.startsWith( 'http://' ) || text.startsWith( 'https://' ) ) && text.includes( '/wp-content/uploads/' ) ) {
-				const link = document.createElement( 'a' );
-				link.href = text;
-				link.target = '_blank';
-				link.rel = 'noopener noreferrer';
-				link.textContent = 'View Recording';
-
-				cell.textContent = '';
-				cell.appendChild( link );
-
-				cell.dataset.godamProcessed = '1';
+				let url;
+
+				try {
+					url = new URL( text, window.location.origin );
+				} catch ( e ) {
+					// If the URL is invalid, do not transform the cell into a link.
+					return;
+				}
+
+				// Only allow same-origin http(s) URLs.
+				if ( ( url.protocol === 'http:' || url.protocol === 'https:' ) && url.origin === window.location.origin ) {
+					const link = document.createElement( 'a' );
+					link.href = url.href;
+					link.target = '_blank';
+					link.rel = 'noopener noreferrer';
+					link.textContent = 'View Recording';
+
+					cell.textContent = '';
+					cell.appendChild( link );
+
+					cell.dataset.godamProcessed = '1';
+				}
 			}
 		} );
 	};
