[lib] added necessary 'escape'
Conflicts: seahub/views/ajax.py
@@ -423,7 +423,7 @@ define([
|
||||
} else {
|
||||
msg_s = gettext("Successfully deleted %(name)s and %(amount)s other items.");
|
||||
}
|
||||
msg_s = msg_s.replace('%(name)s', data['deleted'][0]).replace('%(amount)s', del_len - 1);
|
||||
msg_s = msg_s.replace('%(name)s', Common.HTMLescape(data['deleted'][0])).replace('%(amount)s', del_len - 1);
|
||||
Common.feedback(msg_s, 'success');
|
||||
}
|
||||
if (not_del_len > 0) {
|
||||
@@ -434,7 +434,7 @@ define([
|
||||
} else {
|
||||
msg_f = gettext("Internal error. Failed to delete %(name)s and %(amount)s other items.");
|
||||
}
|
||||
msg_f = msg_f.replace('%(name)s', data['undeleted'][0]).replace('%(amount)s', not_del_len - 1);
|
||||
msg_f = msg_f.replace('%(name)s', Common.HTMLescape(data['undeleted'][0])).replace('%(amount)s', not_del_len - 1);
|
||||
Common.feedback(msg_f, 'error');
|
||||
}
|
||||
$.modal.close();
|
||||
@@ -569,7 +569,7 @@ define([
|
||||
}
|
||||
}
|
||||
|
||||
msg_s = msg_s.replace('%(name)s', data['success'][0]).replace('%(amount)s', success_len - 1);
|
||||
msg_s = msg_s.replace('%(name)s', Common.HTMLescape(data['success'][0])).replace('%(amount)s', success_len - 1);
|
||||
//msg_s += ' <a href="' + view_url + '">' + "View" + '</a>';
|
||||
Common.feedback(msg_s, 'success');
|
||||
}
|
||||
@@ -588,7 +588,7 @@ define([
|
||||
msg_f = gettext("Internal error. Failed to copy %(name)s.");
|
||||
}
|
||||
}
|
||||
msg_f = msg_f.replace('%(name)s', data['failed'][0]).replace('%(amount)s', data['failed'].length - 1);
|
||||
msg_f = msg_f.replace('%(name)s', Common.HTMLescape(data['failed'][0])).replace('%(amount)s', data['failed'].length - 1);
|
||||
Common.feedback(msg_f, 'error');
|
||||
}
|
||||
},
|
||||
@@ -648,7 +648,7 @@ define([
|
||||
} else { // failed or canceled
|
||||
if (data['failed']) {
|
||||
var error_msg = op == 'mv' ? gettext('Failed to move %(name)s') : gettext('Failed to copy %(name)s');
|
||||
cancel_btn.after('<p class="error">' + error_msg.replace('%(name)s', obj_name) + '</p>');
|
||||
cancel_btn.after('<p class="error">' + error_msg.replace('%(name)s', Common.HTMLescape(obj_name)) + '</p>');
|
||||
end();
|
||||
}
|
||||
}
|
||||
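Review bot: The escaped name is still passed as a string replacement to `String.prototype.replace`, where `$` sequences such as `$$` or `$&` are interpreted as substitution patterns, so a file name containing them will be displayed incorrectly in the feedback message. This applies to the `msg_s`/`msg_f` lines in the hunks at 423, 434, 569 and 588, to the `error_msg.replace` call in the hunk at 648, and to the same pattern in the second file's hunks. The text those patterns pull in comes from the message template or from markup already on the page, so this looks like a display bug rather than an injection path, but it is cheap to close while these lines are being touched. A function replacement bypasses the pattern handling, e.g. `msg_s = msg_s.replace('%(name)s', function () { return Common.HTMLescape(data['deleted'][0]); }).replace('%(amount)s', del_len - 1);`. The enclosing callbacks start and end outside the hunks.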
|
@@ -196,7 +196,7 @@ define([
|
||||
el.remove();
|
||||
app.globalState.noFileOpPopup = true; // make other items can work normally when hover
|
||||
var msg = gettext("Successfully deleted %(name)s");
|
||||
msg = msg.replace('%(name)s', dirent_name);
|
||||
msg = msg.replace('%(name)s', Common.HTMLescape(dirent_name));
|
||||
Common.feedback(msg, 'success');
|
||||
},
|
||||
error: Common.ajaxErrorHandler
|
||||
@@ -217,7 +217,7 @@ define([
|
||||
$('#simplemodal-container').css({'width':'auto', 'height':'auto'});
|
||||
|
||||
var op_detail = $('.detail', form);
|
||||
op_detail.html(op_detail.html().replace('%(name)s', '<span class="op-target">' + dirent_name + '</span>'));
|
||||
op_detail.html(op_detail.html().replace('%(name)s', '<span class="op-target">' + Common.HTMLescape(dirent_name) + '</span>'));
|
||||
|
||||
var form_id = form.attr('id');
|
||||
var _this = this;
|
||||
@@ -281,14 +281,9 @@ define([
|
||||
obj_name = this.model.get('obj_name'),
|
||||
obj_type = this.model.get('is_dir') ? 'dir' : 'file';
|
||||
|
||||
var title;
|
||||
if (op_type == 'mv') {
|
||||
title = gettext("Move {placeholder} to:")
|
||||
.replace('{placeholder}', '<span class="op-target">' + obj_name + '</span>');
|
||||
} else {
|
||||
title = gettext("Copy {placeholder} to:")
|
||||
.replace('{placeholder}', '<span class="op-target">' + obj_name + '</span>');
|
||||
}
|
||||
var title = op_type == 'mv' ? gettext("Move {placeholder} to:") : gettext("Copy {placeholder} to:");
|
||||
title = title.replace('{placeholder}', '<span class="op-target">' + Common.HTMLescape(obj_name) + '</span>');
|
||||
|
||||
var form = $(this.mvcpTemplate({
|
||||
form_title: title,
|
||||
op_type: op_type,
|
||||
@@ -361,7 +356,7 @@ define([
|
||||
paddingTop: 50
|
||||
}, focus:false});
|
||||
var det_text = op == 'mv' ? gettext("Moving %(name)s") : gettext("Copying %(name)s");
|
||||
details.html(det_text.replace('%(name)s', obj_name)).removeClass('vh');
|
||||
details.html(det_text.replace('%(name)s', Common.HTMLescape(obj_name))).removeClass('vh');
|
||||
$('#mv-progress').progressbar();
|
||||
req_progress();
|
||||
}, 100);
|
||||
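Review bot: In the hunk at 281 `title` is now an HTML string whose safety depends on `obj_name` being escaped before it is handed to `mvcpTemplate` as `form_title`, and nothing on these lines records that. The template is not visible here, but it presumably emits `form_title` unescaped so that the `op-target` span renders, which means a later edit that drops or moves the escape would let a file name be parsed as markup again. I would add a comment above the replace line, e.g. `// form_title is inserted as HTML by the template; obj_name must stay escaped here`. In the hunk at 361 the message carries no markup of its own, so `details.text(det_text.replace('%(name)s', obj_name)).removeClass('vh');` would likely avoid the HTML sink altogether, provided the translated strings contain no tags or entities. The enclosing functions start and end outside the hunks.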
|