Merge pull request #2296 from evazion/fix-js-xss

Fix XSS in fetch source data javascript.
Toks
2014-10-29 00:31:22 -04:00


@@ -70,20 +70,22 @@
} }
Danbooru.Upload.fill_source_info = function(data) { Danbooru.Upload.fill_source_info = function(data) {
var tag_html = ""; $("#source-tags").empty();
$.each(data.tags, function(i, v) { $.each(data.tags, function(i, v) {
tag_html += ('<a href="' + v[1] + '">' + v[0] + '</a> '); $("<a>").attr("href", v[1]).text(v[0]).appendTo("#source-tags");
}); });
$("#source-artist").html('<a href="' + data.profile_url + '">' + data.artist_name + '</a>'); $("#source-artist").html($("<a>").attr("href", data.profile_url).text(data.artist_name));
$("#source-tags").html(tag_html);
Danbooru.RelatedTag.translated_tags = data.translated_tags; Danbooru.RelatedTag.translated_tags = data.translated_tags;
Danbooru.RelatedTag.build_all(); Danbooru.RelatedTag.build_all();
var new_artist_link = '<a target="_blank" href="/artists/new?other_names=' + data.artist_name + '&urls=' + encodeURIComponent(data.profile_url + '\n' + data.image_url) + '">new</a>'; var new_artist_href = "/artists/new?other_names="
+ encodeURIComponent(data.artist_name)
+ "&urls="
+ encodeURIComponent([data.profile_url, data.image_url].join("\n"));
$("#source-record").html(new_artist_link); $("#source-record").html($("<a>").attr("href", new_artist_href).text("Create New"));
if (data.page_count > 1) { if (data.page_count > 1) {
$("#gallery-warning").show(); $("#gallery-warning").show();