| author | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
| commit | 9a55d9dc59c12e7f2453948b04d017de4e329fff (patch) | |
| tree | f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/profile | |
| parent | 7176250d674711c86e69984766b603e4e54dc201 (diff) | |
sanitizing correctly
Diffstat (limited to 'public/assets/js/lib/views/profile')
| -rw-r--r-- | public/assets/js/lib/views/profile/profile.js | 14 | ||||
| -rw-r--r-- | public/assets/js/lib/views/profile/profile_edit.js | 4 |
2 files changed, 9 insertions, 9 deletions
diff --git a/public/assets/js/lib/views/profile/profile.js b/public/assets/js/lib/views/profile/profile.js
index 2254bd5..1064adb 100644
--- a/public/assets/js/lib/views/profile/profile.js
+++ b/public/assets/js/lib/views/profile/profile.js
@@ -18,7 +18,7 @@ var ProfileView = View.extend({
 populate: function(user){
 $("body").removeClass('loading')
 var $table = this.$("table")
- var username = sanitize(user.username)
+ var username = sanitizeHTML(user.username)
 var is_own_profile = (username === auth.user.username)
 if (is_own_profile) {
 $(".edit_profile a").attr("href", "/profile/" + username + "/edit")
@@ -34,27 +34,27 @@ var ProfileView = View.extend({
 ].map(pair => {
 var key = pair[0], label = pair[1]
 if (! user[key]) return;
- return [label, sanitize(user[key])]
+ return [label, sanitizeHTML(user[key])]
 })
 if (user.email) {
 fields.push([
 'Email',
- '<a href="mailto:' + sanitize(user.email) + '">' + sanitize(user.email) + '</a>'
+ '<a href="mailto:' + sanitizeHTML(user.email) + '">' + sanitizeHTML(user.email) + '</a>'
 ])
 }
 if (user.twitter) {
 if (user.twitter.match(/^http/)) {
 var partz = user.twitter.split('/')
 if (partz.length > 2) {
- var handle = sanitize(partz[3])
+ var handle = sanitizeHTML(partz[3])
 fields.push([
 'Twitter',
 '<a href="https://twitter.com/' + handle + '">@' + handle + '</a>'
 ])
 }
 } else {
- var handle = sanitize(user.twitter)
+ var handle = sanitizeHTML(user.twitter)
 fields.push([
 'Twitter',
 '<a href="https://twitter.com/' + handle + '">@' + handle + '</a>'
@@ -62,10 +62,10 @@ var ProfileView = View.extend({
 }
 }
 if (user.website) {
- var website = sanitize(user.website)
+ var website = sanitizeHTML(user.website)
 fields.push([
 'Website',
- '<a href="' + sanitize(website) + '">' + sanitize(website) + '</a>'
+ '<a href="' + sanitizeHTML(website) + '">' + sanitizeHTML(website) + '</a>'
 ])
 }
diff --git a/public/assets/js/lib/views/profile/profile_edit.js b/public/assets/js/lib/views/profile/profile_edit.js
index e50a7c0..d3656c4 100644
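Review bot: The new `sanitizeHTML(user.username)` result is reused in two non-HTML contexts in this hunk: the `===` comparison with `auth.user.username` and the `/profile/<name>/edit` href set through jQuery `.attr()`. If sanitizeHTML is an HTML escaper, as its name suggests (its definition is not in this diff), a username containing `&`, `<` or a quote no longer equals the raw stored value, so the owner loses the edit link, and the escaped form is written literally into the URL because `.attr()` sets the attribute without an HTML parse. Keep the raw value for the comparison and URL-encode the path segment: `var is_own_profile = (user.username === auth.user.username)` and `.attr("href", "/profile/" + encodeURIComponent(user.username) + "/edit")`, reserving `sanitizeHTML` for the HTML strings built further down. `populate` continues past the end of this hunk.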
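Review bot: `sanitizeHTML(partz[3])` can be handed `undefined`: the surrounding guard `partz.length > 2` lets a value like `http://twitter.com` (three parts after `split('/')`) through, and the fourth element does not exist; the check that matches the index used is `if (partz.length > 3) {`. Both Twitter branches also put user data in a URL position where HTML escaping is the wrong encoding: a handle containing `?`, `#` or `/` changes the link target, so the href should use `encodeURIComponent(handle)` while `sanitizeHTML(handle)` stays on the visible `@handle` text; the same applies to `user.email` inside `mailto:`, where a `?` starts header parameters. Whether sanitizeHTML rejects such characters is not visible here. The `fields` array is declared before this hunk and the `if (user.twitter)` block closes in the next one.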
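Review bot: The website link is escaped twice and still accepts any URL scheme. `website` already holds `sanitizeHTML(user.website)`, so `sanitizeHTML(website)` on the href line re-escapes it — an `&` in a query string would render as `&amp;amp;` if sanitizeHTML is an HTML escaper, as its name suggests. More importantly, HTML escaping does not neutralise a `javascript:` or `data:` href: a profile whose website field starts with `javascript:` renders as a clickable link that runs in every viewer's session. The href should be allow-listed to http(s) before it is rendered and escaped once, as below; the `if (user.twitter)` block this hunk closes starts in the previous hunk.
```javascript
  if (user.website) {
    var website = String(user.website)
    // Only http(s) links are rendered: escaping protects the markup, not the scheme.
    if (/^https?:\/\//i.test(website)) {
      var safeWebsite = sanitizeHTML(website)
      fields.push([
        'Website',
        '<a href="' + safeWebsite + '">' + safeWebsite + '</a>'
      ])
    }
  }
```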
--- a/public/assets/js/lib/views/profile/profile_edit.js
+++ b/public/assets/js/lib/views/profile/profile_edit.js
@@ -18,12 +18,12 @@ var ProfileForm = FormView.extend({
 load: function(username){
 this.action = "/api/user/" + username;
 "realname location email phone website twitter".split(" ").forEach((field) => {
- this.$('[name=' + field + ']').val( sanitize(auth.user[field]) )
+ this.$('[name=' + field + ']').val( auth.user[field] )
 })
 if (! auth.user.avatar) {
 $("#profile-avatar-embed").hide()
 } else {
- $("#profile-avatar-embed").attr("src", sanitize(auth.user.avatar))
+ $("#profile-avatar-embed").attr("src", sanitizeHTML(auth.user.avatar))
 }
 $("body").removeClass('loading')
 },
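Review bot: The avatar line keeps HTML-escaping a value that goes through jQuery `.attr("src", …)`, which sets the attribute directly with no HTML parse, so an avatar URL carrying `&` in a query string would be corrupted by the escape if sanitizeHTML is an HTML escaper, as its name suggests — while the change to `.val( auth.user[field] )` two lines up correctly recognises that DOM setters need no escaping. The relevant control for `src` is the scheme, not markup: replace the escape with an allow-list such as `var avatar = String(auth.user.avatar)` followed by `if (/^(https?:\/\/|\/)/i.test(avatar)) $("#profile-avatar-embed").attr("src", avatar)`, and hide the embed otherwise. Note that `this.action = "/api/user/" + username` on the context line above also concatenates an unencoded path segment, so the same `encodeURIComponent` treatment applies there. `load` is complete within this hunk.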
