diff --git a/coinmanager/coinc/static/coinc/main.js b/coinmanager/coinc/static/coinc/main.js
index 5ccf1cb..5c6e026 100644
--- a/coinmanager/coinc/static/coinc/main.js
+++ b/coinmanager/coinc/static/coinc/main.js
@@ -31,11 +31,29 @@ let settings = {
 exists: true
 }
+
 //
 // Functions
 //
-// return a datetime YYYY.MM.DD
+/* return escaped html */
+function escape_html (string) {
+ let entity_map = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ '`': '`',
+ '=': '='
+ };
+ return String(string).replace(/[&<>"'`=\/]/g, function (s) {
+ return entity_map[s];
+ });
+}
+
+/* return a datetime YYYY.MM.DD */
 function get_datetime() {
 let datetime = new Date();
 return ('0' + datetime.getDate()).slice(-2) + '.' +
@@ -132,12 +150,13 @@ function render_response(data, td, set) { /* add/update name */ if ('name' in data) { + let name = escape_html(data['name']); let c = String(value).substring(2,3); let div_special_name = $(td).find('div.special' + c + '_name'); if (div_special_name.length == 0) { - $(td).append('
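Review bot: As rendered here, every entry in entity_map maps a character to itself (`'&': '&'`, `'<': '<'`, …), which would make escape_html an identity transform and leave the `.html()` calls in render_response unprotected; most likely the entity references (`&amp;`, `&lt;`, `&gt;`, `&quot;`, …) were stripped when this page was rendered, but the committed file should be checked, for example with `escape_html('<b>&') === '&lt;b&gt;&amp;'`. Independently, the helper deserves a JSDoc header such as `/** Escape characters that are special in HTML text and attribute values; non-strings are coerced with String(). */` in place of the one-line comment, and the parameter name `string` reads as a type rather than a value (`text` would be clearer).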
' + data['name'] + '
'); + $(td).append('
' + name + '
'); } else if (div_special_name.length == 1) { - div_special_name.html(data['name']); + div_special_name.html(name); } } } @@ -250,7 +269,7 @@ $(document).ready(function() { let data = args['data']; let td = args['td']; if (response) { - data['name'] = response['name']; + data['name'] = response['name'].trim().substring(0, 79); } $.ajax({ type: 'POST', diff --git a/coinmanager/coinc/static/coinc/styles.css b/coinmanager/coinc/static/coinc/styles.css index b04a3aa..44b02a6 100644 --- a/coinmanager/coinc/static/coinc/styles.css +++ b/coinmanager/coinc/static/coinc/styles.css @@ -145,7 +145,7 @@ div.two_lines { div.special1_name, div.special2_name, div.special3_name { display: none; height: 40px; - width: 150px; + width: 146px; font-size: 1rem; font-weight: 400; line-height: 40px;
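Review bot: The else-if branch still routes a pre-escaped string through `.html()`; jQuery's `.text()` sets the node's text content directly and removes the need for manual escaping there: `div_special_name.text(data['name']);`. The append branch could likewise build the element with `$('<div>')` plus `.text(data['name'])` instead of concatenating markup, though the div's attributes are not visible in this rendering so the exact call cannot be given here. Note also that `c`, derived from `value` (defined outside the hunk), is concatenated into the `find()` selector and, judging by the append, into the markup without escaping; a single character limits the impact, but it is worth confirming that `value` does not originate from the server response. render_response begins before the hunk.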
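Review bot: `response['name'].trim()` throws a TypeError when the name is missing or not a string even though `response` itself is truthy, which aborts the handler before the `$.ajax` call; guarding the type keeps it alive: `const raw = response['name']; data['name'] = typeof raw === 'string' ? raw.trim().substring(0, 79) : '';`. The 79-character cap is a client-side courtesy only — the POST endpoint has to enforce the same limit, and this diff does not show whether it does. A named constant such as `const NAME_MAX_LENGTH = 79;` would also document where the number comes from. The enclosing ready() callback starts and ends outside the hunk.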