Fix XSS
This commit is contained in:
Cutls
parent
5f3257a83b
commit
54e12db08b
|
|
@ -475,7 +475,7 @@ function parse(obj, mix, acct_id, tlid, popup, mutefilter, type) {
|
||||||
}else{
|
}else{
|
||||||
var nicoemojick=false;
|
var nicoemojick=false;
|
||||||
}
|
}
|
||||||
//絵文字があれば
|
//絵文字があれば(nico)
|
||||||
if (nicoemojick) {
|
if (nicoemojick) {
|
||||||
Object.keys(toot.profile_emojis).forEach(function(keynico) {
|
Object.keys(toot.profile_emojis).forEach(function(keynico) {
|
||||||
var emoji = toot.profile_emojis[keynico];
|
var emoji = toot.profile_emojis[keynico];
|
||||||
|
|
@ -734,7 +734,7 @@ function parse(obj, mix, acct_id, tlid, popup, mutefilter, type) {
|
||||||
}
|
}
|
||||||
poll=poll+'<div class="'+voteclass+' vote vote_'+acct_id+'_'+toot.poll.id+'_'+keyc+'" onclick="'+votesel+'">'+choice.title+'<span class="vote_'+acct_id+'_'+toot.poll.id+'_result '+result_hide+'">('+choice.votes_count+')</span></div>';
|
poll=poll+'<div class="'+voteclass+' vote vote_'+acct_id+'_'+toot.poll.id+'_'+keyc+'" onclick="'+votesel+'">'+choice.title+'<span class="vote_'+acct_id+'_'+toot.poll.id+'_result '+result_hide+'">('+choice.votes_count+')</span></div>';
|
||||||
});
|
});
|
||||||
poll='<div class="vote_'+acct_id+'_'+toot.poll.id+'">'+poll+myvote+'<span class="cbadge cbadge-hover" title="' + date(toot.poll.expires_at, 'absolute') +
|
poll='<div class="vote_'+acct_id+'_'+toot.poll.id+'">'+strip_tags(poll)+myvote+'<span class="cbadge cbadge-hover" title="' + date(toot.poll.expires_at, 'absolute') +
|
||||||
'"><i class="fa fa-calendar-times-o"></i>' +
|
'"><i class="fa fa-calendar-times-o"></i>' +
|
||||||
ended+ '</span></div>';
|
ended+ '</span></div>';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user