Replace JQuery .text by .html

- Prevents inserting unescaped HTML into the page
Hypolite Petovan 2020-11-16 18:16:20 -05:00
parent ba0d3b2435
commit b2c4116357
12 changed files with 20 additions and 19 deletions


@ -4,7 +4,7 @@
$("nav").bind('nav-update', function(e,data){ $("nav").bind('nav-update', function(e,data){
var elm = $('#pending-update'); var elm = $('#pending-update');
var register = $(data).find('register').text(); var register = $(data).find('register').html();
if (register=="0") { register=""; elm.hide();} else { elm.show(); } if (register=="0") { register=""; elm.hide();} else { elm.show(); }
elm.html(register); elm.html(register);
}); });
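Review bot: The `register` value is compared with the string `"0"` and then written back with `elm.html()`, so reading it through the `.html()` getter only to do a string comparison is roundabout for what looks like a numeric count; the sibling theme hunk in this same commit parses the same `<register>` element with `parseInt` instead, and the two handlers would be easier to reason about if they agreed. Two lines would align them: `var register = parseInt($(data).find('register').text(), 10);` and `if (register > 0) { elm.show(); } else { register = ''; elm.hide(); }`, leaving `elm.html(register);` as is. What the ping endpoint actually puts in `<register>` is not visible here, so confirm it is always an integer before switching.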


@ -168,7 +168,7 @@
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-public').hide(); $('#jot-public').hide();
}); });
if(selstr == null) { if(selstr == null) {


@ -10,7 +10,7 @@
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-perms-icon').removeClass('unlock').addClass('lock'); $('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide(); $('#jot-public').hide();
}); });


@ -9,7 +9,7 @@
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-perms-icon').removeClass('unlock').addClass('lock'); $('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide(); $('#jot-public').hide();
}); });


@ -23,7 +23,7 @@ $(document).ready(function() {
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-public').hide(); $('#jot-public').hide();
}); });
if (selstr == null) { if (selstr == null) {


@ -5,7 +5,7 @@ $(document).ready(function() {
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-perms-icon').removeClass('unlock').addClass('lock'); $('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide(); $('#jot-public').hide();
}); });


@ -192,12 +192,12 @@ function loadModalTitle() {
var title = ""; var title = "";
// Get the text of the first element with "heading" class. // Get the text of the first element with "heading" class.
title = $("#modal-body .heading").first().text(); title = $("#modal-body .heading").first().html();
// for event modals we need some speacial handling // for event modals we need some speacial handling
if($("#modal-body .event-wrapper .event-summary").length) { if($("#modal-body .event-wrapper .event-summary").length) {
title = '<i class="fa fa-calendar" aria-hidden="true"></i>&nbsp;'; title = '<i class="fa fa-calendar" aria-hidden="true"></i>&nbsp;';
var eventsum = $("#modal-body .event-wrapper .event-summary").text(); var eventsum = $("#modal-body .event-wrapper .event-summary").html();
title = title + eventsum; title = title + eventsum;
} }
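Review bot: The `.html()` getter on `.event-summary` (and on `.heading` two lines above) copies any child markup of that element into `title`, where the old `.text()` call flattened it to its text; if an event summary can contain links or inline formatting, those now render inside the modal title rather than appearing as plain text. That is the safe direction with respect to escaping, but it is a visible behaviour change worth a comment such as `// .html() keeps entities escaped so the value can be re-inserted with .html(); nested markup is carried over as-is`. `loadModalTitle` continues past the end of the hunk, so where `title` is finally written is not visible here.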


@ -146,7 +146,7 @@ $(document).ready(function(){
if( $(".search-content-wrapper").length ) { if( $(".search-content-wrapper").length ) {
// get the text of the heading (we catch the plain text because we don't // get the text of the heading (we catch the plain text because we don't
// want to have a h4 heading in the navbar // want to have a h4 heading in the navbar
var searchText = $(".section-title-wrapper > h2").text(); var searchText = $(".section-title-wrapper > h2").html();
// insert the plain text in a <h4> heading and give it a class // insert the plain text in a <h4> heading and give it a class
var newText = '<h4 class="search-heading">'+searchText+'</h4>'; var newText = '<h4 class="search-heading">'+searchText+'</h4>';
// append the new heading to the navbar // append the new heading to the navbar
@ -208,7 +208,7 @@ $(document).ready(function(){
// get the heading element // get the heading element
var heading = $(".network-content-wrapper > .section-title-wrapper > h2"); var heading = $(".network-content-wrapper > .section-title-wrapper > h2");
// get the text of the heading // get the text of the heading
var headingContent = heading.text(); var headingContent = heading.html();
// create a new element with the content of the heading // create a new element with the content of the heading
var newText = '<h4 class="heading" data-toggle="tooltip" title="'+headingContent+'">'+headingContent+'</h4>'; var newText = '<h4 class="heading" data-toggle="tooltip" title="'+headingContent+'">'+headingContent+'</h4>';
// remove the old heading element // remove the old heading element
@ -221,7 +221,7 @@ $(document).ready(function(){
// get the heading element // get the heading element
var heading = $(".community-content-wrapper > h3").first(); var heading = $(".community-content-wrapper > h3").first();
// get the text of the heading // get the text of the heading
var headingContent = heading.text(); var headingContent = heading.html();
// create a new element with the content of the heading // create a new element with the content of the heading
var newText = '<h4 class="heading">'+headingContent+'</h4>'; var newText = '<h4 class="heading">'+headingContent+'</h4>';
// remove the old heading element // remove the old heading element
@ -790,7 +790,7 @@ function bin2hex (s) {
// Dropdown menus with the class "dropdown-head" will display the active tab // Dropdown menus with the class "dropdown-head" will display the active tab
// as button text // as button text
function toggleDropdownText(elm) { function toggleDropdownText(elm) {
$(elm).closest(".dropdown").find('.btn').html($(elm).text() + ' <span class="caret"></span>'); $(elm).closest(".dropdown").find('.btn').html($(elm).html() + ' <span class="caret"></span>');
$(elm).closest(".dropdown").find('.btn').val($(elm).data('value')); $(elm).closest(".dropdown").find('.btn').val($(elm).data('value'));
$(elm).closest("ul").children("li").show(); $(elm).closest("ul").children("li").show();
$(elm).parent("li").hide(); $(elm).parent("li").hide();
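Review bot: In the network-heading hunk, `headingContent = heading.html()` escapes `<`, `>` and `&` for element content but not `"`, so the `title="'+headingContent+'"` attribute built two lines later can still be broken out of by a heading containing a double quote, which would let extra attributes be injected; whether that heading text can be user-controlled is not visible here. Building the element with the DOM API avoids the attribute quoting problem altogether: `$('<h4 class="heading" data-toggle="tooltip"></h4>').attr('title', heading.text()).html(headingContent)`. In the search-heading hunk the comments still say the code takes "the plain text", which was true of `.text()` but not of the new `.html()` call; `// take the escaped inner HTML so it can be re-inserted without unescaping it` would describe the new behaviour.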


@ -3,9 +3,10 @@
$(function(){ $(function(){
$("nav").bind('nav-update', function(e,data){ $("nav").bind('nav-update', function(e,data){
var elm = $('#pending-update'); var elm = $('#pending-update');
var register = $(data).find('register').text(); var register = parseInt($(data).find('register').text());
if (register=="0") { register = ""; } if (register > 0) {
elm.html(register); elm.html(register);
}
}); });
}); });
</script> </script>
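Review bot: The new `if (register > 0)` guard only writes the element when the count is positive, whereas the removed code set it to an empty string when the value was `"0"`; a pending-registration count that drops to zero (or parses to NaN) now leaves the previously displayed number on screen until the next non-zero update. Keeping the clearing behaviour is a one-line change, `elm.html(register > 0 ? register : '');`, in place of the guard. `parseInt` should also be called with an explicit radix, `parseInt($(data).find('register').text(), 10)`, as the other numeric parsing in this commit should.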


@ -2,8 +2,8 @@
$(document).ready(function(){ $(document).ready(function(){
$('nav').bind('nav-update', function(e,data){ $('nav').bind('nav-update', function(e,data){
var notifCount = $(data).find('notif').attr('count'); var notifCount = $(data).find('notif').attr('count');
var intro = $(data).find('intro').text(); var intro = parseInt($(data).find('intro').text());
var mail = $(data).find('mail').text(); var mail = parseInt($(data).find('mail').text());
$(".tool .notify").removeClass("on"); $(".tool .notify").removeClass("on");
$(data).find("group").each(function() { $(data).find("group").each(function() {
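Review bot: Both new `parseInt` calls on `intro` and `mail` omit the radix; pass it explicitly, `parseInt($(data).find('intro').text(), 10)` and likewise for `mail`, so the intent is unambiguous. When the `<intro>` or `<mail>` element is missing or empty, `parseInt` yields NaN, which compares false in every `>` test but would render as the string "NaN" if written straight into the page; the code that consumes these two values lies after the end of the hunk, so whether that can happen is not visible here.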


@ -86,7 +86,7 @@ function enableOnUser(){
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-perms-icon').removeClass('unlock').addClass('lock'); $('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide(); $('#jot-public').hide();
$('.profile-jot-net input').attr('disabled', 'disabled'); $('.profile-jot-net input').attr('disabled', 'disabled');


@ -170,7 +170,7 @@
$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() { $('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
var selstr; var selstr;
$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() { $('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
selstr = $(this).text(); selstr = $(this).html();
$('#jot-public').hide(); $('#jot-public').hide();
}); });
if(selstr == null) { if(selstr == null) {