Excape HTML (where needed, for bootbox) (references #996)
berrnd committed Sep 8, 2020
1 parent 22434c8 commit 0df2590
Showing 19 changed files with 32 additions and 24 deletions.
8 changes: 8 additions & 0 deletions public/js/extensions.js
Expand Up @@ -172,17 +172,20 @@ function animateCSS(selector, animationName, callback, speed = "faster")

nodes.on('animationend', handleAnimationEnd);
}

function RandomString()
{
return Math.random().toString(36).substring(2, 100) + Math.random().toString(36).substring(2, 100);
}

function getQRCodeForContent(url)
{
var qr = qrcode(0, 'L');
qr.addData(url);
qr.make();
return qr.createImgTag(10, 5);
}

function getQRCodeForAPIKey(apikey_type, apikey_key)
{
var content = U('/api') + '|' + apikey_key;
Expand All @@ -192,3 +195,8 @@ function getQRCodeForAPIKey(apikey_type, apikey_key)
}
return getQRCodeForContent(content);
}

function SanitizeHtml(input)
{
return $("<div/>").text(input).html();
}
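Review bot: SanitizeHtml (the last five lines of the section) is an HTML escape for text-node context rather than a sanitizer, and that contract should be written down, because the `$("<div/>").text(input).html()` round-trip encodes `&`, `<` and `>` but leaves `"` and `'` untouched, so the result is only safe where bootbox inserts it as element content, not inside an attribute value or a URL. A JSDoc above the function would prevent the name from being read too broadly: `/** Escapes a string for use as HTML text content (e.g. bootbox messages, which are rendered as HTML). Not suitable for attribute values or URLs; no markup is preserved. */`. When the `data-*` attribute a caller reads is absent, `input` is `undefined`; jQuery appears to treat `.text(undefined)` as a no-op and the helper then yields an empty string, which is worth confirming and stating in the comment rather than relying on implicitly.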
2 changes: 1 addition & 1 deletion public/viewjs/batteries.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.battery-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-battery-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-battery-name'));
var objectId = $(e.currentTarget).attr('data-battery-id');

bootbox.confirm({
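Review bot: The escaping in the new `var objectName = SanitizeHtml(...)` line is applied when the value is read rather than where it is rendered, so `objectName` now holds an HTML-encoded string for the rest of the handler, whose body continues past the hunk; if the same variable is also passed to a non-HTML sink there (a plain-text notification, an API payload, a string comparison), it would carry entities such as `&amp;`. Keeping the raw value and escaping at the bootbox `message` argument, as productpicker.js and the second shoppinglist.js hunk already do (`message: __t('...', SanitizeHtml(objectName)),`), keeps the encoding tied to the sink that needs it. The same read-time escaping appears in chores.js, equipment.js, locations.js, mealplan.js, productgroups.js, products.js, quantityunits.js, recipeform.js, recipes.js, shoppinglist.js (first hunk), shoppinglocations.js, taskcategories.js, tasks.js, userentities.js, userfields.js and users.js.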
2 changes: 1 addition & 1 deletion public/viewjs/chores.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.chore-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-chore-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-chore-name'));
var objectId = $(e.currentTarget).attr('data-chore-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/components/productpicker.js
Expand Up @@ -162,7 +162,7 @@ $('#product_id_text_input').on('blur', function(e)

Grocy.Components.ProductPicker.PopupOpen = true;
bootbox.dialog({
message: __t('"%s" could not be resolved to a product, how do you want to proceed?', input),
message: __t('"%s" could not be resolved to a product, how do you want to proceed?', SanitizeHtml(input)),
title: __t('Create or assign product'),
onEscape: function()
{
2 changes: 1 addition & 1 deletion public/viewjs/equipment.js
Expand Up @@ -68,7 +68,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.equipment-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-equipment-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-equipment-name'));
var objectId = $(e.currentTarget).attr('data-equipment-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/locations.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.location-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-location-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-location-name'));
var objectId = $(e.currentTarget).attr('data-location-id');

bootbox.confirm({
4 changes: 2 additions & 2 deletions public/viewjs/mealplan.js
Expand Up @@ -563,7 +563,7 @@ $(document).on('click', '.recipe-order-missing-button', function(e)
// to prevent that the tooltip stays until clicked anywhere else
document.activeElement.blur();

var objectName = $(e.currentTarget).attr('data-recipe-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
var objectId = $(e.currentTarget).attr('data-recipe-id');
var button = $(this);
var servings = $(e.currentTarget).attr('data-mealplan-servings');
Expand Down Expand Up @@ -667,7 +667,7 @@ $(document).on('click', '.recipe-consume-button', function(e)
// to prevent that the tooltip stays until clicked anywhere else
document.activeElement.blur();

var objectName = $(e.currentTarget).attr('data-recipe-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
var objectId = $(e.currentTarget).attr('data-recipe-id');
var servings = $(e.currentTarget).attr('data-mealplan-servings');

2 changes: 1 addition & 1 deletion public/viewjs/productgroups.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.product-group-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-group-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-group-name'));
var objectId = $(e.currentTarget).attr('data-group-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/products.js
Expand Up @@ -38,7 +38,7 @@ if (typeof GetUriParam("product-group") !== "undefined")

$(document).on('click', '.product-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-product-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-product-name'));
var objectId = $(e.currentTarget).attr('data-product-id');

Grocy.Api.Get('stock/products/' + objectId,
2 changes: 1 addition & 1 deletion public/viewjs/quantityunits.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.quantityunit-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-quantityunit-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-quantityunit-name'));
var objectId = $(e.currentTarget).attr('data-quantityunit-id');

bootbox.confirm({
6 changes: 3 additions & 3 deletions public/viewjs/recipeform.js
Expand Up @@ -126,7 +126,7 @@ $('#recipe-form input').keydown(function(event)

$(document).on('click', '.recipe-pos-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-recipe-pos-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-name'));
var objectId = $(e.currentTarget).attr('data-recipe-pos-id');

bootbox.confirm({
Expand Down Expand Up @@ -163,7 +163,7 @@ $(document).on('click', '.recipe-pos-delete-button', function(e)

$(document).on('click', '.recipe-include-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-recipe-include-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-include-name'));
var objectId = $(e.currentTarget).attr('data-recipe-include-id');

bootbox.confirm({
Expand Down Expand Up @@ -200,7 +200,7 @@ $(document).on('click', '.recipe-include-delete-button', function(e)

$(document).on('click', '.recipe-pos-show-note-button', function(e)
{
var note = $(e.currentTarget).attr('data-recipe-pos-note');
var note = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-note'));

bootbox.alert(note);
});
6 changes: 3 additions & 3 deletions public/viewjs/recipes.js
Expand Up @@ -81,7 +81,7 @@ $(".recipe-delete").on('click', function(e)
{
e.preventDefault();

var objectName = $(e.currentTarget).attr('data-recipe-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
var objectId = $(e.currentTarget).attr('data-recipe-id');

bootbox.confirm({
Expand Down Expand Up @@ -118,7 +118,7 @@ $(".recipe-delete").on('click', function(e)

$(document).on('click', '.recipe-shopping-list', function(e)
{
var objectName = $(e.currentTarget).attr('data-recipe-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
var objectId = $(e.currentTarget).attr('data-recipe-id');

bootbox.confirm({
Expand Down Expand Up @@ -164,7 +164,7 @@ $(document).on('click', '.recipe-shopping-list', function(e)

$(".recipe-consume").on('click', function(e)
{
var objectName = $(e.currentTarget).attr('data-recipe-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
var objectId = $(e.currentTarget).attr('data-recipe-id');

bootbox.confirm({
4 changes: 2 additions & 2 deletions public/viewjs/shoppinglist.js
Expand Up @@ -77,7 +77,7 @@ $(".status-filter-message").on("click", function()

$("#delete-selected-shopping-list").on("click", function()
{
var objectName = $("#selected-shopping-list option:selected").text();
var objectName = SanitizeHtml($("#selected-shopping-list option:selected").text());
var objectId = $("#selected-shopping-list").val();

bootbox.confirm({
Expand Down Expand Up @@ -158,7 +158,7 @@ $(document).on('click', '#add-products-below-min-stock-amount', function(e)
$(document).on('click', '#clear-shopping-list', function(e)
{
bootbox.confirm({
message: __t('Are you sure to empty shopping list "%s"?', $("#selected-shopping-list option:selected").text()),
message: __t('Are you sure to empty shopping list "%s"?', SanitizeHtml($("#selected-shopping-list option:selected").text())),
closeButton: false,
buttons: {
confirm: {
2 changes: 1 addition & 1 deletion public/viewjs/shoppinglocations.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.shoppinglocation-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-shoppinglocation-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-shoppinglocation-name'));
var objectId = $(e.currentTarget).attr('data-shoppinglocation-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/taskcategories.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.task-category-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-category-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-category-name'));
var objectId = $(e.currentTarget).attr('data-category-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/tasks.js
Expand Up @@ -119,7 +119,7 @@ $(document).on('click', '.delete-task-button', function(e)
{
e.preventDefault();

var objectName = $(e.currentTarget).attr('data-task-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-task-name'));
var objectId = $(e.currentTarget).attr('data-task-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/userentities.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.userentity-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-userentity-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-userentity-name'));
var objectId = $(e.currentTarget).attr('data-userentity-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/userfields.js
Expand Up @@ -33,7 +33,7 @@ $("#entity-filter").on("change", function()

$(document).on('click', '.userfield-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-userfield-name');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-userfield-name'));
var objectId = $(e.currentTarget).attr('data-userfield-id');

bootbox.confirm({
2 changes: 1 addition & 1 deletion public/viewjs/users.js
Expand Up @@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()

$(document).on('click', '.user-delete-button', function(e)
{
var objectName = $(e.currentTarget).attr('data-user-username');
var objectName = SanitizeHtml($(e.currentTarget).attr('data-user-username'));
var objectId = $(e.currentTarget).attr('data-user-id');

bootbox.confirm({
