From 018d1d1bbb3007b22c9923220187927d359cabff Mon Sep 17 00:00:00 2001
From: Hannes Mannerheim
Date: Sun, 6 Sep 2015 01:50:20 +0200
Subject: [PATCH] one more possible xss issue
---
 js/dom-functions.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/js/dom-functions.js b/js/dom-functions.js
index 127ab57..d17277f 100644
--- a/js/dom-functions.js
+++ b/js/dom-functions.js
@@ -375,9 +375,11 @@ function openExternalProfileInPopup(data) {
 var noticeHtml = '';
 if(typeof data.status != 'undefined') {
 data.status.user = data;
- var $noticeHtmlObj = $('
').append(buildQueetHtml(data.status));
- $noticeHtmlObj.find('.queet-thumbs').remove();
- var noticeHtml = $noticeHtmlObj.outerHTML();
+ if(data.status.source != 'activity' && data.status.is_activity !== true) { // no acitivy notices in preview
+ var $noticeHtmlObj = $('
').append(buildQueetHtml(data.status));
+ $noticeHtmlObj.find('.queet-thumbs').remove();
+ var noticeHtml = $noticeHtmlObj.outerHTML();
+ }
 }
 popUpAction('popup-external-profile', data.screenNameWithServer,data.profileCard + noticeHtml,'' + window.sL.goToExternalProfile + '');
@@ -400,9 +402,11 @@ function openLocalProfileInPopup(data) {
 var noticeHtml = '';
 if(typeof data.status != 'undefined') {
 data.status.user = data;
- var $noticeHtmlObj = $('
').append(buildQueetHtml(data.status));
- $noticeHtmlObj.find('.queet-thumbs').remove();
- var noticeHtml = $noticeHtmlObj.outerHTML();
+ if(data.status.source != 'activity' && data.status.is_activity !== true) { // no acitivy notices in preview
+ var $noticeHtmlObj = $('
').append(buildQueetHtml(data.status));
+ $noticeHtmlObj.find('.queet-thumbs').remove();
+ var noticeHtml = $noticeHtmlObj.outerHTML();
+ }
 }
 popUpAction('popup-local-profile', '@' + data.screen_name, data.profileCardHtml + '
' + noticeHtml,'' + window.sL.goToExternalProfile + '');
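Review bot: The guard added in this hunk (`openLocalProfileInPopup`) and in the first hunk (`openExternalProfileInPopup`) keys on `data.status.source` and `data.status.is_activity`, which arrive in the same payload as the notice being rendered, so it filters by notice type and is not an output-encoding step. Any status that does not label itself as an activity still goes through `buildQueetHtml` and is concatenated with `data.profileCard` / `data.profileCardHtml` into the markup passed to `popUpAction`, so escaping has to be guaranteed inside `buildQueetHtml` and the profile-card builder, neither of which is visible in this patch. I would say so at the guard, replacing the trailing comment with `// filter only, not sanitisation: buildQueetHtml must escape every status field it renders`. The inner `var noticeHtml` redeclares the variable initialised at the top of the function; `noticeHtml = $noticeHtmlObj.outerHTML();` is enough. The same five lines are now duplicated in both functions, whose bodies start and end outside their hunks, so a shared helper would keep future fixes in one place.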