wamo/Qvitter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xss fix, thx @chc4@quitter.se

Browse Source
This commit is contained in:
Hannes Mannerheim 2016-02-07 02:23:38 +01:00
parent b4f45b8537
commit 2590528d63
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
js/misc-functions.js
View File

@ -1882,7 +1882,8 @@ function loadHistoryFromLocalStorage() {
$('#history-container').css('display','block'); $('#history-container').css('display','block');
$('#history-container').html(''); $('#history-container').html('');
$.each(cacheData, function(key,obj) { $.each(cacheData, function(key,obj) {
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + obj.dataStreamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>'); var streamHeader = replaceHtmlSpecialChars(obj.dataStreamHeader); // because we're pulling the header with jQuery.text() before saving in localstorage, which unescapes our escaped html
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + streamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>');
}); });
} }
updateHistoryLocalStorage(); updateHistoryLocalStorage();