diff options
| author | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
| commit | 9a55d9dc59c12e7f2453948b04d017de4e329fff (patch) | |
| tree | f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/profile/profile.js | |
| parent | 7176250d674711c86e69984766b603e4e54dc201 (diff) | |
sanitizing correctly
Diffstat (limited to 'public/assets/js/lib/views/profile/profile.js')
| -rw-r--r-- | public/assets/js/lib/views/profile/profile.js | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/public/assets/js/lib/views/profile/profile.js b/public/assets/js/lib/views/profile/profile.js index 2254bd5..1064adb 100644 --- a/public/assets/js/lib/views/profile/profile.js +++ b/public/assets/js/lib/views/profile/profile.js @@ -18,7 +18,7 @@ var ProfileView = View.extend({ populate: function(user){ $("body").removeClass('loading') var $table = this.$("table") - var username = sanitize(user.username) + var username = sanitizeHTML(user.username) var is_own_profile = (username === auth.user.username) if (is_own_profile) { $(".edit_profile a").attr("href", "/profile/" + username + "/edit") @@ -34,27 +34,27 @@ var ProfileView = View.extend({ ].map(pair => { var key = pair[0], label = pair[1] if (! user[key]) return; - return [label, sanitize(user[key])] + return [label, sanitizeHTML(user[key])] }) if (user.email) { fields.push([ 'Email', - '<a href="mailto:' + sanitize(user.email) + '">' + sanitize(user.email) + '</a>' + '<a href="mailto:' + sanitizeHTML(user.email) + '">' + sanitizeHTML(user.email) + '</a>' ]) } if (user.twitter) { if (user.twitter.match(/^http/)) { var partz = user.twitter.split('/') if (partz.length > 2) { - var handle = sanitize(partz[3]) + var handle = sanitizeHTML(partz[3]) fields.push([ 'Twitter', '<a href="https://twitter.com/' + handle + '">@' + handle + '</a>' ]) } } else { - var handle = sanitize(user.twitter) + var handle = sanitizeHTML(user.twitter) fields.push([ 'Twitter', '<a href="https://twitter.com/' + handle + '">@' + handle + '</a>' @@ -62,10 +62,10 @@ var ProfileView = View.extend({ } } if (user.website) { - var website = sanitize(user.website) + var website = sanitizeHTML(user.website) fields.push([ 'Website', - '<a href="' + sanitize(website) + '">' + sanitize(website) + '</a>' + '<a href="' + sanitizeHTML(website) + '">' + sanitizeHTML(website) + '</a>' ]) } |