client/views: escape tag/user/post links

rr- 2016-10-02 20:17:08 +02:00
parent 419deca894
commit 2b34d395eb


@ -178,8 +178,10 @@ function makePostLink(id, includeHash) {
} }
return api.hasPrivilege('posts:view') ? return api.hasPrivilege('posts:view') ?
makeNonVoidElement( makeNonVoidElement(
'a', {'href': '/post/' + encodeURIComponent(id)}, text) : 'a',
text; {'href': '/post/' + encodeURIComponent(id)},
misc.escapeHtml(text)) :
misc.escapeHtml(text);
} }
function makeTagLink(name, includeHash) { function makeTagLink(name, includeHash) {
@ -196,19 +198,21 @@ function makeTagLink(name, includeHash) {
'href': '/tag/' + encodeURIComponent(name), 'href': '/tag/' + encodeURIComponent(name),
'class': misc.makeCssName(category, 'tag'), 'class': misc.makeCssName(category, 'tag'),
}, },
text) : misc.escapeHtml(text)) :
makeNonVoidElement( makeNonVoidElement(
'span', 'span',
{'class': misc.makeCssName(category, 'tag')}, {'class': misc.makeCssName(category, 'tag')},
text); misc.escapeHtml(text));
} }
function makeUserLink(user) { function makeUserLink(user) {
let text = makeThumbnail(user ? user.avatarUrl : null); let text = makeThumbnail(user ? user.avatarUrl : null);
text += user && user.name ? user.name : 'Anonymous'; text += user && user.name ? misc.escapeHtml(user.name) : 'Anonymous';
const link = user && api.hasPrivilege('users:view') ? const link = user && api.hasPrivilege('users:view') ?
makeNonVoidElement( makeNonVoidElement(
'a', {'href': '/user/' + encodeURIComponent(user.name)}, text) : 'a',
{'href': '/user/' + encodeURIComponent(user.name)},
text) :
text; text;
return makeNonVoidElement('span', {class: 'user'}, link); return makeNonVoidElement('span', {class: 'user'}, link);
} }
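Review bot: In makeUserLink, `user.avatarUrl` is still handed to `makeThumbnail(...)` as-is while only `user.name` gets `misc.escapeHtml`, so the result is safe only if makeThumbnail escapes the URL when it builds its attribute; that helper is defined outside this section, so this needs confirming. The same question applies to `category` going through `misc.makeCssName` into the `class` attribute in makeTagLink, and to whether `makeNonVoidElement` escapes attribute values at all (`encodeURIComponent` leaves `'` untouched). Because escaping now happens at each call site, the third argument of `makeNonVoidElement` is effectively raw HTML, and the next caller can forget it. I would record that contract at the helper's definition, for example `// content is inserted as raw HTML; callers must escape untrusted text with misc.escapeHtml`.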