| author | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
| commit | 9a55d9dc59c12e7f2453948b04d017de4e329fff (patch) | |
| tree | f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/details/settings.js | |
| parent | 7176250d674711c86e69984766b603e4e54dc201 (diff) | |
sanitizing correctly
Diffstat (limited to 'public/assets/js/lib/views/details/settings.js')
| -rw-r--r-- | public/assets/js/lib/views/details/settings.js | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/public/assets/js/lib/views/details/settings.js b/public/assets/js/lib/views/details/settings.js
index c8e53db..a7dd050 100644
--- a/public/assets/js/lib/views/details/settings.js
+++ b/public/assets/js/lib/views/details/settings.js
@@ -42,7 +42,7 @@ var ThreadSettingsForm = FormView.extend({
 this.$(".close_link").attr("href", "/details/" + thread.id)
 this.$(".metadata").html(metadata(thread))
- this.$("[name=title]").val(sanitize(thread.title))
+ this.$("[name=title]").val(thread.title)
 this.$("[name=hootbox]").prop("checked", !!thread.settings.hootbox)
 this.$("[name=shorturls]").prop("checked", !!thread.settings.shorturls)
@@ -130,7 +130,7 @@ var ThreadSettingsForm = FormView.extend({
 var usernames = this.$('[name=allowed_field]').val().replace(/,/g, ' ').split(' ').map(s => s.trim()).filter(s => !! s)
 this.$('[name=allowed_field]').val('')
 usernames = usernames.filter( (name) => this.allowed.indexOf(name) === -1 )
- .map( (name) => sanitize(name) )
+ .map( (name) => sanitizeHTML(name) )
 $.ajax({
 method: "PUT",
 url: "/api/checkUsernames",
@@ -216,7 +216,7 @@ var ThreadSettingsForm = FormView.extend({
 var id = data.thread.id
 var comment_count = (data.comments || []).length
 var file_count = (data.files || []).length
- var msg = "Are you sure you want to delete this thread?\n\n#" + id + ' "' + sanitize(data.thread.title) + '"'
+ var msg = "Are you sure you want to delete this thread?\n\n#" + id + ' "' + sanitizeHTML(data.thread.title) + '"'
 msg += " + " + comment_count + " comment" + courtesy_s(comment_count)
 if ( file_count) msg += " + " + file_count + " file" + courtesy_s(file_count)
 var should_remove = confirm(msg)
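Review bot: In the `-130` hunk the usernames are HTML-escaped with `sanitizeHTML` immediately before they go into the `PUT /api/checkUsernames` request, which is the wrong place for HTML encoding. A request payload is not an HTML sink, so (assuming `sanitizeHTML` entity-encodes) a name containing `&` or `<` would reach the server in a different form from what the user typed, while the preceding `this.allowed.indexOf(name)` filter still compares the raw form. I would drop the `.map( (name) => sanitizeHTML(name) )` line, send the raw names, let the server validate them, and escape only at the point where a name is written into markup. The `$.ajax` call continues outside the hunk, so how the response is rendered is not visible here.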
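Review bot: The `msg` built in the `-216` hunk is handed to `confirm(msg)`, a native dialog that displays plain text, so `sanitizeHTML(data.thread.title)` protects nothing there and, if it entity-encodes, a title such as `A & B` (constructed example) would be shown as `A &amp; B`. The same applies to `sanitizeHTML(file.filename)` in the `-244` hunk. I would pass the raw values, `' "' + data.thread.title + '"'` and `' "' + file.filename + '"'`, and keep escaping for the places where these strings are inserted with `.html()`. Both enclosing functions start and end outside their hunks.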
@@ -244,7 +244,7 @@ var ThreadSettingsForm = FormView.extend({
 var data = this.options.parent.data
 var file = data.files.find(f => f.id === file_id)
 if (! file) return
- var msg = "Are you sure you want to delete this file?\n\n#" + file_id + ' "' + sanitize(file.filename) + '"'
+ var msg = "Are you sure you want to delete this file?\n\n#" + file_id + ' "' + sanitizeHTML(file.filename) + '"'
 var should_remove = confirm(msg)
 if (should_remove) {
 $.ajax({ |
