[repo_create, 'details' view] escape some strings

2025-09-10 11:21:29 +00:00 · 2014-04-27 11:51:22 +08:00
parent 9c53e59ee0
commit 85acd95e14
3 changed files with 10 additions and 3 deletions
--- a/media/js/base.js
+++ b/media/js/base.js
@@ -652,3 +652,10 @@ function addAnchorsToHeaders(html) {
    });
    return tree.html();
 }
 function HTMLescape(html){
    return document.createElement('div')
        .appendChild(document.createTextNode(html))
        .parentNode
        .innerHTML;
 }
--- a/seahub/templates/snippets/list_commit_detail.html
+++ b/seahub/templates/snippets/list_commit_detail.html
@@ -29,7 +29,7 @@ function listCommitDetails(url, t) {
            show(data['deldir'], "{% trans "Deleted directories" %}");
            if (!con) {
                if (data['cmt_desc']) {
-                    con = '<p>' + data['cmt_desc'] + '</p>';
+                    con = '<p>' + HTMLescape(data['cmt_desc']) + '</p>';
                }
            }
            $('#ls-ch').css('text-align','left').html(heading + time + con);
--- a/seahub/templates/snippets/myhome_extra_script.html
+++ b/seahub/templates/snippets/myhome_extra_script.html
@@ -102,12 +102,12 @@ function repoCreateSuccessCallback(data) {
    $.modal.close();
    var new_repo_item = $('#new-repo .repo-item').clone(true); 
    var tds = $('td', new_repo_item);
-    var repo_id = data['repo_id'], repo_name = data['repo_name'];
+    var repo_id = data['repo_id'], repo_name = HTMLescape(data['repo_name']);
    if (data['repo_enc']) {
        $('img', $(tds[0])).attr('src', '{{MEDIA_URL}}img/sync-folder-encrypt-20.png');
    }
    $(tds[1]).html('<a href="{{ SITE_ROOT }}repo/' + repo_id + '/">' + repo_name + '</a>');
-    $(tds[2]).html(data['repo_desc']);
+    $(tds[2]).text(data['repo_desc']);
    $(tds[4]).attr('data-id', repo_id).attr('data-name', repo_name);
    var my_own_repos = $('#my-own-repos');