fix #2: escape name field

This commit is contained in:
koksnuss 2020-05-12 22:07:40 +02:00
parent 60c500d219
commit f3ceb3aad4
2 changed files with 24 additions and 5 deletions


@ -31,11 +31,29 @@ let settings = {
exists: true exists: true
} }
// //
// Functions // Functions
// //
// return a datetime YYYY.MM.DD /* return escaped html */
function escape_html (string) {
let entity_map = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
'/': '&#x2F;',
'`': '&#x60;',
'=': '&#x3D;'
};
return String(string).replace(/[&<>"'`=\/]/g, function (s) {
return entity_map[s];
});
}
/* return a datetime YYYY.MM.DD */
function get_datetime() { function get_datetime() {
let datetime = new Date(); let datetime = new Date();
return ('0' + datetime.getDate()).slice(-2) + '.' + return ('0' + datetime.getDate()).slice(-2) + '.' +
@ -132,12 +150,13 @@ function render_response(data, td, set) {
/* add/update name */ /* add/update name */
if ('name' in data) { if ('name' in data) {
let name = escape_html(data['name']);
let c = String(value).substring(2,3); let c = String(value).substring(2,3);
let div_special_name = $(td).find('div.special' + c + '_name'); let div_special_name = $(td).find('div.special' + c + '_name');
if (div_special_name.length == 0) { if (div_special_name.length == 0) {
$(td).append('<div class="special' + c + '_name three_lines">' + data['name'] + '</div>'); $(td).append('<div class="special' + c + '_name three_lines">' + name + '</div>');
} else if (div_special_name.length == 1) { } else if (div_special_name.length == 1) {
div_special_name.html(data['name']); div_special_name.html(name);
} }
} }
} }
@ -250,7 +269,7 @@ $(document).ready(function() {
let data = args['data']; let data = args['data'];
let td = args['td']; let td = args['td'];
if (response) { if (response) {
data['name'] = response['name']; data['name'] = response['name'].trim().substring(0, 79);
} }
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
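Review bot: The first entry of `entity_map` in escape_html maps `'&'` to `'&'`, so ampersands pass through unencoded while every other character matched by the regex is replaced; unless that is an artifact of how this page renders the source, the entry should read `'&': '&amp;',`, otherwise a name containing a literal `&lt;`-style sequence reaches `.html()` as an entity and the escaping of the remaining characters can be undone. The map is also rebuilt on every call; hoisting it to module scope next to the other constants is a small tidy-up. In the third hunk, `response['name'].trim().substring(0, 79)` throws inside the ready handler if the reply carries no `name`; `String(response['name'] || '').trim().substring(0, 79)` keeps the handler alive on a malformed reply. The 79-character cap is applied only on the client before the POST, so the server is presumably still expected to enforce the same limit — worth confirming, as the server side is not visible here.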


@ -145,7 +145,7 @@ div.two_lines {
div.special1_name, div.special2_name, div.special3_name { div.special1_name, div.special2_name, div.special3_name {
display: none; display: none;
height: 40px; height: 40px;
width: 150px; width: 146px;
font-size: 1rem; font-size: 1rem;
font-weight: 400; font-weight: 400;
line-height: 40px; line-height: 40px;