mirror of
https://github.com/openvk/openvk
synced 2024-12-23 09:01:15 +03:00
Fix funny xss thing (not tested sinve since im in hospital 💀)
parent
0f2a88aa68
commit
cf558d57c5
2 changed files with 14 additions and 0 deletions
|
@ -428,6 +428,18 @@ function showIncreaseRatingDialog(coinsCount, userUrl, hash) {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function escapeHtml(text) {
|
||||||
|
var map = {
|
||||||
|
'&': '&',
|
||||||
|
'<': '<',
|
||||||
|
'>': '>',
|
||||||
|
'"': '"',
|
||||||
|
"'": '''
|
||||||
|
};
|
||||||
|
|
||||||
|
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
|
||||||
|
}
|
||||||
|
|
||||||
$(document).on("scroll", () => {
|
$(document).on("scroll", () => {
|
||||||
if($(document).scrollTop() > $(".sidebar").height() + 50) {
|
if($(document).scrollTop() > $(".sidebar").height() + 50) {
|
||||||
$(".floating_sidebar")[0].classList.add("show");
|
$(".floating_sidebar")[0].classList.add("show");
|
||||||
|
|
|
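Review bot: `escapeHtml` calls `text.replace` directly, so a `null`, `undefined` or numeric argument throws a TypeError instead of returning an escaped string; coercing first avoids that: `return String(text == null ? "" : text).replace(/[&<>"']/g, function(m) { return map[m]; });`. As rendered on this page the values in `map` are identical to their keys, which is presumably entity decoding by the page view. It is worth confirming that the committed file holds the entity strings (`&amp;`, `&lt;`, and so on), because otherwise the function escapes nothing. A short comment above the function would also help callers, for example `// Escapes for HTML text and quoted attribute values only; not safe for script, URL or unquoted-attribute contexts.`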
@ -16,6 +16,8 @@ function _bsdnToHumanTime(time) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function _bsdnTpl(name, author) {
|
function _bsdnTpl(name, author) {
|
||||||
|
name = escapeHtml(name);
|
||||||
|
|
||||||
return `
|
return `
|
||||||
<div class="bsdn_contextMenu" style="display: none;">
|
<div class="bsdn_contextMenu" style="display: none;">
|
||||||
<span class="bsdn_contextMenuElement bsdn_copyVideoUrl">Copy video link to clipboard</span>
|
<span class="bsdn_contextMenuElement bsdn_copyVideoUrl">Copy video link to clipboard</span>
|
||||||
|
|
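Review bot: Only `name` is escaped at the top of `_bsdnTpl`, while `author` is the function's other parameter and is presumably interpolated into the same template further down (the body continues outside the hunk). If `author` can carry user-controlled text it needs the same treatment, `author = escapeHtml(author);`. `escapeHtml` is added in the other file of this commit, so this script now depends on that file being loaded first wherever the player is embedded; otherwise the call throws a ReferenceError and the player markup is never built. Escaping at the interpolation site, `${escapeHtml(name)}`, would also keep it visible which values in the template are already escaped.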