code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

removed 2 arguments for reply function

Browse Source 
this will add stronger protection against xss attacks
This commit is contained in:
Mystikfluu 2022-07-05 14:27:04 +02:00
parent 7b288d964d
commit 9fe43ae497
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
js/posts.js
View File

@ -112,7 +112,7 @@ async function createPost(username,text,time,specialtext,postid,isbot,reply_id)
}
newP.appendChild(spacerTextNode())
// |\>.</|
newP.innerHTML += `<button onclick="reply('${username}',${postid},\`${htmlesc(htmlesc(escape_special(escape_special(text))))}\`)">Reply to this Post</button>`
newP.innerHTML += `<button onclick="reply(${postid})">Reply to this Post</button>`
if(reply_id != 0) {
try {
@ -179,10 +179,13 @@ async function main(){
document.getElementById("scriptonly").style = ""
}
function reply(username,postid,posttext) {
async function reply(postid) {
let post = await(await fetch("/api/getPost?id="+postid)).json()
let username = post.post_user_name
let posttext = post.post_text
document.getElementById("reply").style = ""
document.getElementById("reply_username").innerText = username
document.getElementById("reply_text").innerHTML = filterPost(unescape(unescape_special(unescape_special(posttext))))
document.getElementById("reply_username").innerText = decodeURIComponent(username)
document.getElementById("reply_text").innerHTML = filterPost(decodeURIComponent(posttext))
reply_id = postid
}