diff --git a/app/js/common/version.js b/app/js/common/version.js index c25fc035..b45088be 100644 --- a/app/js/common/version.js +++ b/app/js/common/version.js @@ -190,7 +190,7 @@ function verck(ver) { } } if(show){ - Materialize.toast(obj.Text+toot+'(スライドして消去)', 86400); + Materialize.toast(escapeHTML(obj.Text)+toot+'(スライドして消去)', 86400); } } @@ -211,9 +211,6 @@ function infowebsocket(){ console.log(JSON.parse(mess.data)); var obj=JSON.parse(mess.data); if(obj.type!="counter"){ - if(obj.id*1<=localStorage.getItem("last-notice-id")){ - - }else{ localStorage.setItem("last-notice-id",obj.id) var show=true; if(obj.toot!=""){ @@ -242,9 +239,8 @@ function infowebsocket(){ } } if(show){ - Materialize.toast(obj.text+toot+'(スライドして消去)', 86400); + Materialize.toast(escapeHTML(obj.Text)+toot+'(スライドして消去)', 86400); } - } }else{ $("#persons").text(obj.text); } diff --git a/app/js/login/manager.js b/app/js/login/manager.js index efaf09b2..6c17a406 100644 --- a/app/js/login/manager.js +++ b/app/js/login/manager.js @@ -542,7 +542,7 @@ function getdata(domain, at) { console.log(json); if (json.error) { console.error("Error:" + json.error); - Materialize.toast(lang.lang_fatalerroroccured+"Error:" + json.error, + Materialize.toast(lang.lang_fatalerroroccured+"Error:" + escapeHTML(json.error), 5000); return; } @@ -817,7 +817,7 @@ input.addEventListener("focus", function() { Object.keys(json.instances).forEach(function(key) { var url = json.instances[key]; urls = urls + ' ' + url.name + ' '; + '\')" class="pointer">' +escapeHTML(url.name) + ' '; }); $("#ins-suggest").html(urls); } diff --git a/app/js/platform/first.js b/app/js/platform/first.js index a95edd06..4f1525d4 100644 --- a/app/js/platform/first.js +++ b/app/js/platform/first.js @@ -62,7 +62,7 @@ function formattime(date){ }else{ str=str+date.getMinutes() } - return str; + return escapeHTML(str); } function formattimeutc(date){ var str=date.getUTCFullYear()+"-"; 
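Review bot: In the infowebsocket hunk the new toast line reads `escapeHTML(obj.Text)`, but the line it replaces used `obj.text` and the counter branch just below still reads `obj.text`, so the capital-T property looks copied from verck and is probably undefined for websocket messages. Keep the lowercase key: `Materialize.toast(escapeHTML(obj.text)+toot+'(スライドして消去)', 86400);`. `toot` is still concatenated unescaped in both version.js hunks; it is built outside the visible lines, so confirm that no part of `obj.toot` reaches it raw. The same hunk also drops the `last-notice-id` comparison, so notices that were already shown are no longer skipped; if that is intended it deserves a line in the commit message.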
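Review bot: In the instance-suggestion hunk of manager.js only the link text gets `escapeHTML(url.name)`; the context line above still concatenates `url.name` raw, and the `'\')" class="pointer">'` fragment suggests that value sits inside a quoted argument of an inline `onclick` attribute (the markup is partly lost in this view, so this is inferred). HTML escaping is the wrong encoding for that position, because the browser decodes entities in the attribute before the handler source is parsed, so the name would need JavaScript-string encoding there as well. It is safer to build the element and bind the handler in code, e.g. `$("<a>").addClass("pointer").text(url.name).on("click", function(){ /* existing action */ })`, and append it instead of assembling a string for `.html()`. The hisList hunk in list.js and the hashtag hunk in src.js show the same `\')" class="pointer">` pattern and should get the same treatment.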
@@ -87,7 +87,7 @@ function formattimeutc(date){ }else{ str=str+date.getUTCMinutes() } - return str; + return escapeHTML(str); } var electron = require("electron"); var ipc = electron.ipcRenderer; diff --git a/app/js/post/emoji.js b/app/js/post/emoji.js index 5f571c46..19038798 100644 --- a/app/js/post/emoji.js +++ b/app/js/post/emoji.js @@ -35,7 +35,7 @@ function emojiToggle(reaction) { //絵文字リスト挿入 function emojiGet(parse, started) { - $('#emoji-list').html('Loading...'); + $('#emoji-list').text('Loading...'); var acct_id = $("#post-acct-sel").val(); var domain = localStorage.getItem("domain_" + acct_id); if (localStorage.getItem("mode_" + domain) != "misskey") { @@ -52,7 +52,7 @@ function emojiGet(parse, started) { console.error(error); }).then(function (json) { if (parse == "true") { - $('#emoji-list').html('Parsing...'); + $('#emoji-list').text('Parsing...'); //絵文字をマストドン公式と同順にソート json.sort(function (a, b) { if (a.shortcode < b.shortcode) return -1; @@ -96,7 +96,7 @@ function emojiGet(parse, started) { }) }); if (parse == "true") { - $('#emoji-list').html('Parsing...'); + $('#emoji-list').text('Parsing...'); //絵文字をマストドン公式と同順にソート md.sort(function (a, b) { if (a.shortcode < b.shortcode) return -1; diff --git a/app/js/post/misskeystatus.js b/app/js/post/misskeystatus.js index 84366e83..ef78f07f 100644 --- a/app/js/post/misskeystatus.js +++ b/app/js/post/misskeystatus.js @@ -234,7 +234,7 @@ function voterefresh(acct_id,id){ }else{ var myvote=""; } - poll=poll+'
'+choice.text+'('+choice.votes+''+myvote+')
'; + poll=poll+'
'+escapeHTML(choice.text)+'('+choice.votes+''+myvote+')
'; }); $(".vote_"+json.id).html(poll) } diff --git a/app/js/post/post.js b/app/js/post/post.js index e6a47ee1..c1b1a34f 100644 --- a/app/js/post/post.js +++ b/app/js/post/post.js @@ -298,7 +298,7 @@ function clear() { $("#post-acct-sel").prop("disabled", false); $("#days_poll").val(0); $("#hours_poll").val(0); - $("#mins_poll").val(0); + $("#mins_poll").val(6); $(".mastodon-choice").map(function() { $(this).val(""); }); diff --git a/app/js/post/suggest.js b/app/js/post/suggest.js index fcd502e0..ba5a9188 100644 --- a/app/js/post/suggest.js +++ b/app/js/post/suggest.js @@ -169,7 +169,7 @@ function cgNPs(q){ var tags = ""; Object.keys(json).forEach(function(key4) { var tag = json[key4]; - tags = tags + '' + json[key4] + ' '; + tags = tags + '' + escapeHTML(json[key4]) + ' '; }); $("#suggest").html("Cinderella NowPlaying:" + tags); }else{ diff --git a/app/js/tl/card.js b/app/js/tl/card.js index b6c1395e..1b638c14 100644 --- a/app/js/tl/card.js +++ b/app/js/tl/card.js @@ -63,8 +63,8 @@ function additional(acct_id, tlid) { }).then(function(json) { if (json.title) { $("[toot-id=" + id + "] .additional").html( - "URL"+lang.lang_cards_check+":
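Review bot: `choice.votes` is still concatenated raw next to the newly escaped `choice.text` before the string goes to `$(".vote_"+json.id).html(poll)`, and it comes from the same server response. Coerce it before output by wrapping it as `Number(choice.votes)`, so a non-numeric value cannot carry markup. The poll hunk in misskeyparse.js has the identical line, and `his[0].uses` and `his[0].accounts` in the graphDraw hunk of src.js are in the same position. `myvote` is assigned above the hunk; from the visible `var myvote=""` it appears to be local markup, which should be confirmed.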
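Review bot: The reset value for `#mins_poll` changes from 0 to 6 in clear() with no comment, and it is unrelated to the escaping work in the rest of this commit. If 6 minutes is a deliberate default (days and hours stay 0, so this becomes the whole poll duration after a reset), say so next to the line, e.g. `// default poll length after reset: 6 minutes`, and mention it in the commit message. clear() starts and ends outside the hunk.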
Title:" + json.title + "
" + - json.description + "
"); + "URL"+lang.lang_cards_check+":
Title:" + escapeHTML(json.title) + "
" + + escapeHTML(json.description) + "
"); $("[toot-id=" + id + "] a:not(.parsed)").addClass("parsed"); $("[toot-id=" + id + "]").addClass("parsed"); } @@ -148,8 +148,8 @@ function additionalIndv(tlid, acct_id, id) { }).then(function(json) { if (json.title) { $("[toot-id=" + id + "] .additional").html( - "URL"+lang.lang_cards_check+":
Title:" + json.title + "
" + - json.description + "
"); + "URL"+lang.lang_cards_check+":
Title:" + escapeHTML(json.title) + "
" + + escapeHTML(json.description) + "
"); $("[toot-id=" + id + "] a:not(.parsed)").addClass("parsed"); $("[toot-id=" + id + "]").addClass("parsed"); } diff --git a/app/js/tl/dm.js b/app/js/tl/dm.js index c434c1ef..657b0d3a 100644 --- a/app/js/tl/dm.js +++ b/app/js/tl/dm.js @@ -251,7 +251,7 @@ function dmListParse(obj, mix, acct_id, tlid, popup, mutefilter) { var via = ''; viashow="hide"; } else { - var via = toot.application.name; + var via = escapeHTML(toot.application.name); //強調チェック Object.keys(emp).forEach(function(key6) { var cli = emp[key6]; @@ -432,7 +432,7 @@ function dmListParse(obj, mix, acct_id, tlid, popup, mutefilter) { if(word){ var word=word.tag; var regExp = new RegExp( word, "g" ) ; - content=content.replace(regExp,''+word+""); + content=content.replace(regExp,''+escapeHTML(word)+""); } }); } @@ -483,7 +483,7 @@ function dmListParse(obj, mix, acct_id, tlid, popup, mutefilter) { for( var i=0; i '+value.name+''; + var tickerdom='
'+escapeHTML(value.name)+'
'; break; } } diff --git a/app/js/tl/list.js b/app/js/tl/list.js index 73be7ce7..109dee45 100644 --- a/app/js/tl/list.js +++ b/app/js/tl/list.js @@ -30,7 +30,7 @@ function list(){ var lists = ""; Object.keys(json).forEach(function(key) { var list = json[key]; - lists = lists + list.title+':'+lang.lang_list_show+'
'; }); $("#lists").html(lists); @@ -57,7 +57,7 @@ function list(){ var lists = ""; Object.keys(json).forEach(function(key) { var list = json[key]; - lists = lists + list.title+':'+lang.lang_list_show+'/'+lang.lang_list_users+'
'; }); @@ -193,7 +193,7 @@ function hisList(user,acct_id){ Object.keys(json).forEach(function(key) { var list = json[key]; lists = lists + ''+list.title+'
'; + '\')" class="pointer">'+escapeHTML(list.title)+'
'; }); $("#his-lists-b").html(lists); }else{ @@ -217,7 +217,7 @@ function hisList(user,acct_id){ var lists = ""; Object.keys(json).forEach(function(key) { var list = json[key]; - lists = lists + list.title+':'+lang.lang_list_show+'/'+lang.lang_list_add+lang.lang_list_add_misskey+'
'; }); diff --git a/app/js/tl/misskeyparse.js b/app/js/tl/misskeyparse.js index 761e4d96..2d6caeba 100644 --- a/app/js/tl/misskeyparse.js +++ b/app/js/tl/misskeyparse.js @@ -286,7 +286,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { } var if_notf='data-notfIndv="'+acct_id+"_"+toot.id+'"'; var toot = toot.note; - var dis_name=escapeHTMLtemp(toot.user.name); + var dis_name=escapeHTML(toot.user.name); }else{ var if_notf=""; if (toot.renote) { @@ -299,7 +299,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { if(!toot.text){ var toot = toot.renote; } - var dis_name=escapeHTMLtemp(toot.user.name); + var dis_name=escapeHTML(toot.user.name); var uniqueid=toot.id; var actemojick=false } else { @@ -342,7 +342,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { if(toot.viaMobile){ var via = 'Mobile'; }else{ - var via = 'Unknown'; + var via = ''; } } else { var via = toot.app.name; @@ -362,7 +362,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { }); } if ((toot.cw || toot.cw=="") && cw) { - var content = toot.text; + var content = escapeHTML(toot.text); var spoil = escapeHTMLtemp(toot.cw); var spoiler = "cw cw_hide_" + toot.id; var api_spoil = "gray"; @@ -618,7 +618,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { for( var i=0; i '+value.name+''; + var tickerdom='
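Review bot: The content-warning branch now escapes `toot.text` with `escapeHTML`, but the next line still builds `spoil` with `escapeHTMLtemp(toot.cw)`, while the two earlier hunks in this file replace `escapeHTMLtemp` with `escapeHTML` for `dis_name`. Neither helper is visible here; if `escapeHTMLtemp` is the weaker one being phased out, the spoiler text should move too: `var spoil = escapeHTML(toot.cw);`. Only the branch taken when a CW is present is in the hunk, so check that the other branch, which assigns `content` outside the visible lines, gets the same escaping.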
'+escapeHTML(value.name)+'
'; break; } } @@ -634,7 +634,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { }else{ var myvote=""; } - poll=poll+'
'+choice.text+'('+choice.votes+''+myvote+')
'; + poll=poll+'
'+escapeHTML(choice.text)+'('+choice.votes+''+myvote+')
'; }); poll='
'+poll+'
'; } @@ -841,7 +841,7 @@ function misskeyParse(obj, mix, acct_id, tlid, popup, mutefilter) { acct_id + ')" class="waves-effect waves-dark btn-flat" style="padding:0" title="'+lang.lang_parse_redraft+'">redo'+trans+ 'via ' + - via + + escapeHTML(via) + ''+ '
' + '
' + diff --git a/app/js/tl/parse.js b/app/js/tl/parse.js index 84ac8c15..a41406eb 100644 --- a/app/js/tl/parse.js +++ b/app/js/tl/parse.js @@ -766,7 +766,7 @@ function parse(obj, mix, acct_id, tlid, popup, mutefilter, type) { for( var i=0; i '+value.name+'
'; + var tickerdom='
'+escapeHTML(value.name)+'
'; break; } } @@ -1000,7 +1000,7 @@ function client(name) { if(!obj){ var obj=[]; obj.push(name); - Materialize.toast(name+lang.lang_status_emphas, 2000); + Materialize.toast(escapeHTML(name)+lang.lang_status_emphas, 2000); }else{ var can; Object.keys(obj).forEach(function(key) { @@ -1010,12 +1010,12 @@ function client(name) { }else{ can=true; obj.splice(key, 1); - Materialize.toast(name+lang.lang_status_unemphas, 2000); + Materialize.toast(escapeHTML(name)+lang.lang_status_unemphas, 2000); } }); if(!can){ obj.push(name); - Materialize.toast(name+lang.lang_status_emphas, 2000); + Materialize.toast(escapeHTML(name)+lang.lang_status_emphas, 2000); }else{ } @@ -1031,7 +1031,7 @@ function client(name) { obj.push(name); var json = JSON.stringify(obj); localStorage.setItem("client_mute", json); - Materialize.toast(name+lang.lang_parse_mute, 2000); + Materialize.toast(escapeHTML(name)+lang.lang_parse_mute, 2000); }else{ return; } diff --git a/app/js/tl/src.js b/app/js/tl/src.js index 7f6bcbb6..f788afe7 100644 --- a/app/js/tl/src.js +++ b/app/js/tl/src.js @@ -52,7 +52,7 @@ function src(mode) { var tag = json.hashtags[key4]; if(mode){ tags = tags + '
#' + tag + '
'; + '\',\'add\')" class="pointer">#' + escapeHTML(tag) + '
'; }else{ tags=tags+graphDraw(tag); } @@ -186,13 +186,13 @@ function graphDraw(tag){ var zero=50-(his[0].uses/max*50); if(max===0){ tags = '

'+ - ''+his[0].uses+'toots #' + tag.name + ' '+his[0].accounts+lang.lang_src_people; + ''+his[0].uses+'toots #' + escapeHTML(tag.name) + ' '+his[0].accounts+lang.lang_src_people; }else{ tags = '

'+ ''+ - ''+his[0].uses+'toots #' + tag.name + ' '+his[0].accounts+lang.lang_src_people; + ''+his[0].uses+'toots #' + escapeHTML(tag.name) + ' '+his[0].accounts+lang.lang_src_people; } return tags; diff --git a/app/js/tl/tag.js b/app/js/tl/tag.js index dbe046fc..0c7eda77 100644 --- a/app/js/tl/tag.js +++ b/app/js/tl/tag.js @@ -65,6 +65,7 @@ function favTag(){ var ptt=lang.lang_tags_unrealtime; var nowon="("+lang.lang_tags_realtime+")"; } + tag=escapeHTML(tag); tags = tags + '#' + tag + ''+nowon+' TL Toot '+ ''+ptt+' '+lang.lang_del+' '; }); @@ -96,6 +97,7 @@ function trendTag(){ var tags=""; json=json.score; Object.keys(json).forEach(function(tag) { + tag=escapeHTML(tag); tags = tags + '#' + tag + ' TL Toot '; }); $("#taglist").append('
アイマストドントレンドタグrefresh:' + tags+'
'); @@ -115,6 +117,7 @@ function tagTL(a,b,c,d){ tl(a,b,acct_id,d); } function autoToot(tag){ + tag=escapeHTML(tag) var nowPT=localStorage.getItem("stable") if(nowPT==tag){ localStorage.removeItem("stable"); diff --git a/app/js/tl/tl.js b/app/js/tl/tl.js index 9357895c..707d9880 100644 --- a/app/js/tl/tl.js +++ b/app/js/tl/tl.js @@ -660,7 +660,7 @@ function cap(type, data, acct_id) { var response="Federated TL(Media)"; } } else if (type == "tag") { - var response= "#" + data + var response= "#" + escapeHTML(data) } else if (type == "list") { var ltitle=localStorage.getItem("list_"+data+"_"+acct_id); var response= "List(" + ltitle + ")" @@ -685,7 +685,7 @@ function cap(type, data, acct_id) { }else if (type == "webview") { var response="Twitter" }else if (type == "tootsearch") { - var response="tootsearch(" + data + ")"; + var response="tootsearch(" + escapeHTML(data) + ")"; } return response; } diff --git a/app/js/ui/layout.js b/app/js/ui/layout.js index b37f12ae..3716e92c 100644 --- a/app/js/ui/layout.js +++ b/app/js/ui/layout.js @@ -28,6 +28,9 @@ function parseColumn() { $(".toot-reset").css("font-size", size + "px"); $(".cont-series").css("font-size", size + "px"); } + if(localStorage.getItem("menu-done")){ + $("#fukidashi").addClass("hide") + } tlCloser(); var multi = localStorage.getItem("multi"); if (multi) { @@ -198,7 +201,7 @@ function parseColumn() { key + '">On'+lang.lang_layout_linkana +'
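Review bot: autoToot() now HTML-escapes `tag` on entry, but the visible body compares it with `localStorage.getItem("stable")` and removes that key, which is storage logic and not an HTML sink. Escaping there changes the value that is compared and presumably stored later in the function (outside the hunk), so a tag containing `&`, `<` or a quote no longer matches its stored form and would be escaped a second time when it is rendered. Keep the raw value in storage and escape only where the string is written into markup, as the favTag and trendTag hunks do; that is, drop `tag=escapeHTML(tag)` from autoToot. In those two hunks the reassigned `tag` is reused for every position in the generated string, so check any attribute or handler positions, where HTML escaping is not the right encoding.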
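Review bot: cap() now escapes `data` for the `tag` and `tootsearch` types, but the `list` branch visible in the same hunk still returns `"List(" + ltitle + ")"` with `ltitle` read raw from localStorage. sortload() in sort.js concatenates the result of cap() into an HTML string that is appended to `#sort`, so the list title reaches markup unescaped unless it was escaped when stored, which these lines do not show. Escaping it here keeps the function consistent: `var response= "List(" + escapeHTML(ltitle) + ")"`. A one-line comment on cap() stating that it returns HTML-safe text would tell callers not to escape again.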
hearingOn'+lang.lang_layout_tts +'TL
low_priority'+lang.lang_layout_reconnect+'
'+lang.lang_layout_headercolor +'
low_priority'+lang.lang_layout_reconnect+'
'+lang.lang_layout_headercolor +'
'+lang.lang_layout_nodata +'
' $('#timeline_box_' + basekey + '_parentBox').append(html); localStorage.removeItem("pool_" + key); diff --git a/app/js/ui/menu.js b/app/js/ui/menu.js index 429fba4e..0c46ae93 100644 --- a/app/js/ui/menu.js +++ b/app/js/ui/menu.js @@ -1,4 +1,6 @@ function menu(){ + localStorage.setItem("menu-done",true); + $("#fukidashi").addClass("hide") if(!$("#menu").hasClass("appear")){ $("#menu").addClass("appear") var left=localStorage.getItem("menu-left"); diff --git a/app/js/ui/sort.js b/app/js/ui/sort.js index 8286d16b..0d350657 100644 --- a/app/js/ui/sort.js +++ b/app/js/ui/sort.js @@ -32,7 +32,7 @@ function sortload(){ var acctdata=user+"@"+domain; } - var html='
  • '+icon(acct.type)+'
    '+cap(acct.type, acct.data,acct.domain)+'
  • '; $("#sort").append(html); @@ -103,7 +103,7 @@ function sort(){ var json = JSON.stringify(newobj); localStorage.setItem("column", json); $("#sort").html(""); - Materialize.toast("並べ替え完了。", 3000); + Materialize.toast("Sorted", 3000); sortload(); parseColumn(); sortMenu() diff --git a/app/js/ui/tips.js b/app/js/ui/tips.js index a1d735be..e7871c7e 100644 --- a/app/js/ui/tips.js +++ b/app/js/ui/tips.js @@ -57,7 +57,7 @@ function startmem(){ var use=arg[0]; var cpu=arg[1]; var total=arg[2] - $("#tips-text").html(cpu+"
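Review bot: The toast text in sort() changes from one hard-coded language to another (`"Sorted"`), while the other UI strings touched by this commit come from the `lang` object (`lang.lang_status_emphas`, `lang.lang_parse_mute`, and so on). Routing this message through a `lang` entry as well would keep it translated in every locale; the key would need to be added to the language files, which are not part of the visible diff.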
    Memory:"+Math.floor(use/1024/1024/102.4)/10+"/"+Math.floor(total/1024/1024/102.4)/10+"GB("+Math.floor(use/total*100)+"%)") + $("#tips-text").html(escapeHTML(cpu)+"
    Memory:"+Math.floor(use/1024/1024/102.4)/10+"/"+Math.floor(total/1024/1024/102.4)/10+"GB("+Math.floor(use/total*100)+"%)") }) } //トレンドタグ @@ -83,7 +83,7 @@ function trendTagonTip(){ var tags=""; json=json.score; Object.keys(json).forEach(function(tag) { - tags = tags + '#' + tag + ' TL Toot
    '; + tags = tags + '#' + escapeHTML(tag) + ' TL Toot
    '; }); $("#tips-text").html('
    トレンドタグrefresh:
    ' + tags+'
    '); trendTagonTipInterval() diff --git a/app/js/userdata/his-data.js b/app/js/userdata/his-data.js index 851b20cd..2ddede9f 100644 --- a/app/js/userdata/his-data.js +++ b/app/js/userdata/his-data.js @@ -571,9 +571,9 @@ function udAdd(start) { for(var i=0;i'+fields[i].signatureAlgorithm+':'+fields[i].name+''; + var html=''+escapeHTML(fields[i].signatureAlgorithm)+':'+escapeHTML(fields[i].name)+''; }else{ - var html=''+fields[i].signatureAlgorithm+':'+fields[i].name+''; + var html=''+escapeHTML(fields[i].signatureAlgorithm)+':'+escapeHTML(fields[i].name)+''; } $("#his-proof-prof").append(html) } diff --git a/app/js/userdata/showOnTL.js b/app/js/userdata/showOnTL.js index 8c72c2e3..f7c40fdf 100644 --- a/app/js/userdata/showOnTL.js +++ b/app/js/userdata/showOnTL.js @@ -278,7 +278,7 @@ function misskeyUdg(user, acct_id) { $("#his-follow").text(json.followingCount); $("#his-follower").text(json.followersCount); $("#his-since").text(crat(json.createdAt)); - var note=json.description; + var note=escapeHTML(json.description); $("#his-des").html(twemoji.parse(note)); if(json.isCat){ $("#his-bot").html("Cat"+twemoji.parse("😺")); diff --git a/app/view/en/index.html b/app/view/en/index.html index d5e8dceb..63c4d40f 100644 --- a/app/view/en/index.html +++ b/app/view/en/index.html @@ -32,7 +32,7 @@
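Review bot: `escapeHTML(json.description)` in misskeyUdg() is called without checking that a description exists, and the helper is not visible in this diff; if it calls string methods on its argument, a profile with no description would throw before `$("#his-des").html(...)` runs. A guard keeps the profile rendering: `var note=escapeHTML(json.description || "");`. The same applies to `escapeHTML(json.description)` in the two card.js hunks, where only `json.title` is tested, and to `escapeHTML(toot.text)` in misskeyparse.js.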