wamo/Qvitter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

one more possible xss issue

Browse Source
This commit is contained in:
Hannes Mannerheim 2015-09-06 01:50:20 +02:00
parent 76dcc86ffc
commit 018d1d1bbb
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/dom-functions.js
View File

@ -375,10 +375,12 @@ function openExternalProfileInPopup(data) {
var noticeHtml = ''; var noticeHtml = '';
if(typeof data.status != 'undefined') { if(typeof data.status != 'undefined') {
data.status.user = data; data.status.user = data;
if(data.status.source != 'activity' && data.status.is_activity !== true) { // no acitivy notices in preview
var $noticeHtmlObj = $('<div/>').append(buildQueetHtml(data.status)); var $noticeHtmlObj = $('<div/>').append(buildQueetHtml(data.status));
$noticeHtmlObj.find('.queet-thumbs').remove(); $noticeHtmlObj.find('.queet-thumbs').remove();
var noticeHtml = $noticeHtmlObj.outerHTML(); var noticeHtml = $noticeHtmlObj.outerHTML();
} }
}
popUpAction('popup-external-profile', data.screenNameWithServer,data.profileCard + noticeHtml,'<a class="go-to-external-profile" href="' + data.statusnet_profile_url + '">' + window.sL.goToExternalProfile + '</a>'); popUpAction('popup-external-profile', data.screenNameWithServer,data.profileCard + noticeHtml,'<a class="go-to-external-profile" href="' + data.statusnet_profile_url + '">' + window.sL.goToExternalProfile + '</a>');
} }
@ -400,10 +402,12 @@ function openLocalProfileInPopup(data) {
var noticeHtml = ''; var noticeHtml = '';
if(typeof data.status != 'undefined') { if(typeof data.status != 'undefined') {
data.status.user = data; data.status.user = data;
if(data.status.source != 'activity' && data.status.is_activity !== true) { // no acitivy notices in preview
var $noticeHtmlObj = $('<div/>').append(buildQueetHtml(data.status)); var $noticeHtmlObj = $('<div/>').append(buildQueetHtml(data.status));
$noticeHtmlObj.find('.queet-thumbs').remove(); $noticeHtmlObj.find('.queet-thumbs').remove();
var noticeHtml = $noticeHtmlObj.outerHTML(); var noticeHtml = $noticeHtmlObj.outerHTML();
} }
}
popUpAction('popup-local-profile', '@' + data.screen_name, data.profileCardHtml + '<div class="clearfix"></div>' + noticeHtml,'<a class="go-to-local-profile" href="' + data.statusnet_profile_url + '">' + window.sL.goToExternalProfile + '</a>'); popUpAction('popup-local-profile', '@' + data.screen_name, data.profileCardHtml + '<div class="clearfix"></div>' + noticeHtml,'<a class="go-to-local-profile" href="' + data.statusnet_profile_url + '">' + window.sL.goToExternalProfile + '</a>');
} }