author | nachoparker <nacho@ownyourbits.com> | 2019-01-11 05:22:10 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2019-01-11 05:22:21 +0300 |
commit | 6ba0cb0638160e24070d5ed5ce5212f46a660bbc (patch) | |
tree | b0ab193e8ab5ab686e6dcc2f744bcce4fc344f99 /ncp-web | |
parent | 0ff1df9b5c5b411941d1781587a91c65a8bd542f (diff) |
ncp-web: escape HTML in details boxv1.1.1
Diffstat (limited to 'ncp-web')
-rw-r--r-- | ncp-web/js/ncp.js | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ncp-web/js/ncp.js b/ncp-web/js/ncp.js index 67ae725c..0f5402e5 100644 --- a/ncp-web/js/ncp.js +++ b/ncp-web/js/ncp.js @@ -164,7 +164,8 @@ function filter_apps(e) search_box.value = ''; var input = $$('#' + match.id + '-config-box input'); input.focus(); - input.selectionStart = input.selectionEnd = input.value.length; + if( input.getAttribute('type') != 'checkbox' ) + input.selectionStart = input.selectionEnd = input.value.length; $('#search-box').animate( {$width: '0px'}, 150 ).then(function() { $('#search-box').hide(); }); history.pushState(null, selectedID, "?app=" + selectedID); return; @@ -209,6 +210,10 @@ $(function() $('#poweroff-dialog').hide(); $('#overlay').hide(); + function escapeHTML(str) { + return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>'); + } + source.addEventListener('message', function(e) { if ( e.origin != 'https://' + window.location.hostname + ':4443') @@ -220,7 +225,7 @@ $(function() if (!selectedID) return; var box_l = $('#' + selectedID + '-details-box'); var box = box_l[0]; - box_l.ht( box.innerHTML + e.data + '<br>' ); + box_l.ht( box.innerHTML + escapeHTML(e.data) + '<br>' ); box.scrollTop = box.scrollHeight; }, false); |
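Review bot: The new guard before `input.selectionStart = input.selectionEnd = ...` in filter_apps excludes only checkboxes, but assigning `selectionStart` also throws InvalidStateError on other input types that have no text selection, such as number, email or date. If a config box can start with one of those, testing for the types that do support selection is sturdier: `if (['text','search','url','tel','password'].indexOf(input.type) !== -1)`. The comparison would also be clearer with `!==`. filter_apps begins and ends outside the hunk, so whether `input` can be null at `input.focus()` is not visible here.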
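Review bot: `escapeHTML` covers `&`, `<` and `>` but not quotes, so it is safe only for text placed between tags, not inside an attribute value. A comment saying so would help, or appending `.replace(/"/g,'&quot;').replace(/'/g,'&#39;')` would keep a later caller from reusing it unsafely. As rendered on this page the replacement strings look identical to the characters they replace; that is presumably the page decoding the entities rather than the committed code, but it is worth confirming against the file. `str.replace` throws on a non-string argument, so starting with `str = String(str);` would make the helper total.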
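Review bot: The message handler still rebuilds the details box through `box_l.ht( box.innerHTML + ... )`, so every message re-parses all earlier output as HTML and the box's safety rests on a hand-written escaper. Appending nodes removes both concerns: `box.appendChild(document.createTextNode(e.data)); box.appendChild(document.createElement('br'));`. The handler begins outside the hunk. Other places that write server output into the page are not visible in this diff and may need the same treatment.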