Avoid XSS

thanhluong 2020-05-17 18:01:59 +00:00
parent 49de777c9f
commit a86a2b25e0


@ -12,14 +12,16 @@
$('#loader').hide();
chatSocket.onmessage = function(e) {
let data = JSON.parse(e.data)
data = data['message']
let data = JSON.parse(e.data);
console.log(data);
data = data['message'];
loadMessage(data['body'],
data['author'],
data['time'],
data['id'],
data['image'],
true)
true);
// console.log(data);
$('#chat-box').scrollTop($('#chat-box')[0].scrollHeight);
};
@ -30,7 +32,8 @@
}
function loadMessage(content, user, time, messid, image, isNew) {
if (isNew) content = encodeHTML(content)
// if (isNew) content = encodeHTML(content)
content = encodeHTML(content);
li = `<li class="message">
<img src="${image}" class="profile-pic">
<div class="body-message">
@ -58,9 +61,11 @@
(function init_chatlog() {
ul = $('#chat-log')
{% autoescape on %}
{% for msg in message %}
loadMessage(`{{msg.body}}`, `{{msg.author}}`, `{{msg.time}}`, `{{msg.id}}`, `{{gravatar(msg.author, 32)}}`)
loadMessage("{{msg.body|safe|escapejs}}", `{{msg.author}}`, `{{msg.time}}`, `{{msg.id}}`, `{{gravatar(msg.author, 32)}}`);
{% endfor %}
{% endautoescape %}
$('#chat-box').scrollTop($('#chat-box')[0].scrollHeight);
})()
@ -101,21 +106,21 @@
scrollContainer($('#chat-box'), $('#loader'))
{% if request.user.is_staff %}
$(document).on("click", ".chatbtn_remove_mess", function() {
var elt = $(this);
console.log(elt.data());
$.ajax({
url: 'delete/',
type: 'post',
data: elt.data(),
dataType: 'json',
success: function(data){
console.log(data);
console.log('delete ajax call success!');
location.reload();
}
});
});
{% endif %}
$("#chat-submit").click(function() {
if ($("#chat-input").val().trim()) {