Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2024-09-21 16:38:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix funny xss thing (not tested sinve since im in hospital 💀)

Browse source
This commit is contained in:
Vladimir Barinov 2023-02-10 08:46:29 +02:00 committed by GitHub
parent 0f2a88aa68
commit cf558d57c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Web/static/js/openvk.cls.js
View file

@ -428,6 +428,18 @@ function showIncreaseRatingDialog(coinsCount, userUrl, hash) {
}; };
} }
function escapeHtml(text) {
var map = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#039;'
};
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
}
$(document).on("scroll", () => { $(document).on("scroll", () => {
if($(document).scrollTop() > $(".sidebar").height() + 50) { if($(document).scrollTop() > $(".sidebar").height() + 50) {
$(".floating_sidebar")[0].classList.add("show"); $(".floating_sidebar")[0].classList.add("show");

2
Web/static/js/player.js
View file

@ -16,6 +16,8 @@ function _bsdnToHumanTime(time) {
} }
function _bsdnTpl(name, author) { function _bsdnTpl(name, author) {
name = escapeHtml(name);
return ` return `
<div class="bsdn_contextMenu" style="display: none;"> <div class="bsdn_contextMenu" style="display: none;">
<span class="bsdn_contextMenuElement bsdn_copyVideoUrl">Copy video link to clipboard</span> <span class="bsdn_contextMenuElement bsdn_copyVideoUrl">Copy video link to clipboard</span>