Use attr() on user-controlled data
See https://www.reddit.com/r/javascript/comments/8f57i1/psa_there_are_over_1000_people_in_the_us_named/dy0rib2/
parent
2ea6446323
commit
14cc8b7827
@ -27,8 +27,8 @@ module.exports = class ContextMenu {
|
|||||||
|
|
||||||
contextMenu.find(".context-menu-item").on("click", function() {
|
contextMenu.find(".context-menu-item").on("click", function() {
|
||||||
const $this = $(this);
|
const $this = $(this);
|
||||||
const itemData = $this.data("data");
|
const itemData = $this.attr("data-data");
|
||||||
const contextAction = $this.data("action");
|
const contextAction = $this.attr("data-action");
|
||||||
contextMenuActions.execute(contextAction, itemData);
|
contextMenuActions.execute(contextAction, itemData);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
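Review bot: The switch from `.data("data")` to `.attr("data-data")` in the click handler has no comment explaining it, so a later cleanup could easily revert it. jQuery's `.data()` converts attribute text such as `"true"`, `"null"` or `"123"` into non-string values, while `.attr()` always returns the raw string, which is what should reach `contextMenuActions.execute` for user-controlled names. I would add above the two reads: `// attr(), not data(): data() type-converts attribute text, so a nick like "null" would not arrive as a string`. The handler now also depends on the menu items carrying `data-data` and `data-action` as real attributes; that markup is outside this hunk.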
@ -20,7 +20,7 @@ addDefaultItems();
|
|||||||
* addContextMenuItem({
|
* addContextMenuItem({
|
||||||
* check: (target) => target.hasClass("user"),
|
* check: (target) => target.hasClass("user"),
|
||||||
* className: "customItemName",
|
* className: "customItemName",
|
||||||
* data: (target) => target.data("name"),
|
* data: (target) => target.attr("data-name"),
|
||||||
* displayName: "Do something",
|
* displayName: "Do something",
|
||||||
* callback: (name) => console.log(name), // print the name of the user to console
|
* callback: (name) => console.log(name), // print the name of the user to console
|
||||||
* });
|
* });
|
||||||
@ -67,8 +67,8 @@ function addWhoisItem() {
|
|||||||
addContextMenuItem({
|
addContextMenuItem({
|
||||||
check: (target) => target.hasClass("user"),
|
check: (target) => target.hasClass("user"),
|
||||||
className: "user",
|
className: "user",
|
||||||
displayName: (target) => target.data("name"),
|
displayName: (target) => target.attr("data-name"),
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: whois,
|
callback: whois,
|
||||||
});
|
});
|
||||||
|
|
||||||
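Review bot: `displayName: (target) => target.attr("data-name")` in addWhoisItem hands a user-chosen nick to the menu as its label, and the code that renders `displayName` is not in this hunk. If the menu markup is built by string concatenation or inserted with `.html()`, the label should instead be written with `.text()` or an escaping template helper. The focus item's `target.attr("aria-label")` label further down deserves the same check; the remaining items in these hunks use fixed strings. addWhoisItem's body starts above the hunk.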
@ -80,7 +80,7 @@ function addWhoisItem() {
|
|||||||
check: (target) => target.hasClass("user"),
|
check: (target) => target.hasClass("user"),
|
||||||
className: "action-whois",
|
className: "action-whois",
|
||||||
displayName: "User information",
|
displayName: "User information",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: whois,
|
callback: whois,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -103,7 +103,7 @@ function addQueryItem() {
|
|||||||
check: (target) => target.hasClass("user"),
|
check: (target) => target.hasClass("user"),
|
||||||
className: "action-query",
|
className: "action-query",
|
||||||
displayName: "Direct messages",
|
displayName: "Direct messages",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: query,
|
callback: query,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -120,7 +120,7 @@ function addKickItem() {
|
|||||||
check: (target) => utils.hasRoleInChannel(target.closest(".chan"), ["op"]) && target.closest(".chan").data("type") === "channel",
|
check: (target) => utils.hasRoleInChannel(target.closest(".chan"), ["op"]) && target.closest(".chan").data("type") === "channel",
|
||||||
className: "action-kick",
|
className: "action-kick",
|
||||||
displayName: "Kick",
|
displayName: "Kick",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: kick,
|
callback: kick,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -136,10 +136,10 @@ function addOpItem() {
|
|||||||
addContextMenuItem({
|
addContextMenuItem({
|
||||||
check: (target) =>
|
check: (target) =>
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
||||||
!utils.hasRoleInChannel(target.closest(".chan"), ["op"], target.data("name")),
|
!utils.hasRoleInChannel(target.closest(".chan"), ["op"], target.attr("data-name")),
|
||||||
className: "action-op",
|
className: "action-op",
|
||||||
displayName: "Give operator (+o)",
|
displayName: "Give operator (+o)",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: op,
|
callback: op,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -155,10 +155,10 @@ function addDeopItem() {
|
|||||||
addContextMenuItem({
|
addContextMenuItem({
|
||||||
check: (target) =>
|
check: (target) =>
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["op"], target.data("name")),
|
utils.hasRoleInChannel(target.closest(".chan"), ["op"], target.attr("data-name")),
|
||||||
className: "action-op",
|
className: "action-op",
|
||||||
displayName: "Revoke operator (-o)",
|
displayName: "Revoke operator (-o)",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: deop,
|
callback: deop,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -174,10 +174,10 @@ function addVoiceItem() {
|
|||||||
addContextMenuItem({
|
addContextMenuItem({
|
||||||
check: (target) =>
|
check: (target) =>
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
||||||
!utils.hasRoleInChannel(target.closest(".chan"), ["voice"], target.data("name")),
|
!utils.hasRoleInChannel(target.closest(".chan"), ["voice"], target.attr("data-name")),
|
||||||
className: "action-voice",
|
className: "action-voice",
|
||||||
displayName: "Give voice (+v)",
|
displayName: "Give voice (+v)",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: voice,
|
callback: voice,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -193,10 +193,10 @@ function addDevoiceItem() {
|
|||||||
addContextMenuItem({
|
addContextMenuItem({
|
||||||
check: (target) =>
|
check: (target) =>
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
utils.hasRoleInChannel(target.closest(".chan"), ["op"]) &&
|
||||||
utils.hasRoleInChannel(target.closest(".chan"), ["voice"], target.data("name")),
|
utils.hasRoleInChannel(target.closest(".chan"), ["voice"], target.attr("data-name")),
|
||||||
className: "action-voice",
|
className: "action-voice",
|
||||||
displayName: "Revoke voice (-v)",
|
displayName: "Revoke voice (-v)",
|
||||||
data: (target) => target.data("name"),
|
data: (target) => target.attr("data-name"),
|
||||||
callback: devoice,
|
callback: devoice,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -220,7 +220,7 @@ function addFocusItem() {
|
|||||||
check: (target) => target.hasClass("chan"),
|
check: (target) => target.hasClass("chan"),
|
||||||
className: getClass,
|
className: getClass,
|
||||||
displayName: (target) => target.attr("aria-label"),
|
displayName: (target) => target.attr("aria-label"),
|
||||||
data: (target) => target.data("target"),
|
data: (target) => target.attr("data-target"),
|
||||||
callback: focusChan,
|
callback: focusChan,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -142,7 +142,7 @@ $(function() {
|
|||||||
});
|
});
|
||||||
|
|
||||||
chat.on("click", ".inline-channel", function() {
|
chat.on("click", ".inline-channel", function() {
|
||||||
const name = $(this).data("chan");
|
const name = $(this).attr("data-chan");
|
||||||
const chan = utils.findCurrentNetworkChan(name);
|
const chan = utils.findCurrentNetworkChan(name);
|
||||||
|
|
||||||
if (chan.length) {
|
if (chan.length) {
|
||||||
@ -161,7 +161,7 @@ $(function() {
|
|||||||
|
|
||||||
const openWindow = function openWindow(e, {keepSidebarOpen, pushState, replaceHistory} = {}) {
|
const openWindow = function openWindow(e, {keepSidebarOpen, pushState, replaceHistory} = {}) {
|
||||||
const self = $(this);
|
const self = $(this);
|
||||||
const target = self.data("target");
|
const target = self.attr("data-target");
|
||||||
|
|
||||||
if (!target) {
|
if (!target) {
|
||||||
return false;
|
return false;
|
||||||
@ -248,7 +248,7 @@ $(function() {
|
|||||||
|
|
||||||
if (self.hasClass("chan")) {
|
if (self.hasClass("chan")) {
|
||||||
$("#chat-container").addClass("active");
|
$("#chat-container").addClass("active");
|
||||||
$("#nick").text(self.closest(".network").data("nick"));
|
$("#nick").text(self.closest(".network").attr("data-nick"));
|
||||||
}
|
}
|
||||||
|
|
||||||
const chanChat = chan.find(".chat");
|
const chanChat = chan.find(".chat");
|
||||||
@ -342,7 +342,7 @@ $(function() {
|
|||||||
check: (target) => target.hasClass("chan"),
|
check: (target) => target.hasClass("chan"),
|
||||||
className: "close",
|
className: "close",
|
||||||
displayName: getCloseDisplay,
|
displayName: getCloseDisplay,
|
||||||
data: (target) => target.data("target"),
|
data: (target) => target.attr("data-target"),
|
||||||
callback: (itemData) => closeChan($(`.networks .chan[data-target="${itemData}"]`)),
|
callback: (itemData) => closeChan($(`.networks .chan[data-target="${itemData}"]`)),
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ const settings = {
|
|||||||
notifyAllMessages: false,
|
notifyAllMessages: false,
|
||||||
showSeconds: false,
|
showSeconds: false,
|
||||||
statusMessages: "condensed",
|
statusMessages: "condensed",
|
||||||
theme: $("#theme").data("server-theme"),
|
theme: $("#theme").attr("data-server-theme"),
|
||||||
media: true,
|
media: true,
|
||||||
userStyles: "",
|
userStyles: "",
|
||||||
};
|
};
|
||||||
|
@ -189,7 +189,7 @@ function renderChannelUsers(data) {
|
|||||||
// We need to un-highlight everything first because triggering `input` with
|
// We need to un-highlight everything first because triggering `input` with
|
||||||
// a value highlights the first entry.
|
// a value highlights the first entry.
|
||||||
users.find(".user").removeClass("active");
|
users.find(".user").removeClass("active");
|
||||||
users.find(`.user[data-name="${previouslyActive.data("name")}"]`).addClass("active");
|
users.find(`.user[data-name="${previouslyActive.attr("data-name")}"]`).addClass("active");
|
||||||
}
|
}
|
||||||
|
|
||||||
return users;
|
return users;
|
||||||
|
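Review bot: The selector `.user[data-name="${previouslyActive.attr("data-name")}"]` in renderChannelUsers interpolates a user-controlled nick without escaping, so a nick containing a backslash or a quote can make the selector invalid and cause jQuery to throw. hasRoleInChannel builds the same selector with `escape(target)`; this line should do the same, or avoid the selector with `users.find(".user").filter((i, el) => $(el).attr("data-name") === name).addClass("active")`, where `name` holds the attribute value. `previouslyActive` is defined outside the hunk, so whether `attr()` can return `undefined` here is not visible.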
@ -6,7 +6,7 @@ const socket = require("../socket");
|
|||||||
socket.on("nick", function(data) {
|
socket.on("nick", function(data) {
|
||||||
const id = data.network;
|
const id = data.network;
|
||||||
const nick = data.nick;
|
const nick = data.nick;
|
||||||
const network = $(`#sidebar .network[data-uuid="${id}"]`).data("nick", nick);
|
const network = $(`#sidebar .network[data-uuid="${id}"]`).attr("data-nick", nick);
|
||||||
|
|
||||||
if (network.find(".active").length) {
|
if (network.find(".active").length) {
|
||||||
$("#nick").text(nick);
|
$("#nick").text(nick);
|
||||||
|
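Review bot: Writing the nick with `.attr("data-nick", nick)` only stays consistent if every reader uses `.attr("data-nick")`, because jQuery's `.data("nick")` caches the value from its first read and does not see later attribute changes. The readers changed in this commit are covered, but any `.data("nick")` left elsewhere would show a stale nick after a rename, so a search before merging is worthwhile. Separately, `data.network` is interpolated into `[data-uuid="${id}"]` unescaped; if that id is not guaranteed to be a server-generated identifier it should be escaped. The handler body continues past the hunk.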
@ -11,7 +11,7 @@ socket.on("quit", function(data) {
|
|||||||
|
|
||||||
network.children(".chan").each(function() {
|
network.children(".chan").each(function() {
|
||||||
// this = child
|
// this = child
|
||||||
chat.find($(this).data("target")).remove();
|
chat.find($(this).attr("data-target")).remove();
|
||||||
});
|
});
|
||||||
|
|
||||||
network.remove();
|
network.remove();
|
||||||
|
@ -48,7 +48,7 @@ function hasRoleInChannel(channel, roles, nick) {
|
|||||||
|
|
||||||
const channelID = channel.data("id");
|
const channelID = channel.data("id");
|
||||||
const network = $("#sidebar .network").has(`.chan[data-id="${channelID}"]`);
|
const network = $("#sidebar .network").has(`.chan[data-id="${channelID}"]`);
|
||||||
const target = nick || network.data("nick");
|
const target = nick || network.attr("data-nick");
|
||||||
const user = channel.find(`.names-original .user[data-name="${escape(target)}"]`).first();
|
const user = channel.find(`.names-original .user[data-name="${escape(target)}"]`).first();
|
||||||
return user.parent().is("." + roles.join(", ."));
|
return user.parent().is("." + roles.join(", ."));
|
||||||
}
|
}
|
||||||
|