[Libreoffice-commits] online.git: Branch 'libreoffice-6-2' - loleaflet/js

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Tue Mar 19 14:02:41 UTC 2019


 loleaflet/js/toolbar.js |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

New commits:
commit 1152101b88d0c244f6e9f77473d697432f345b19
Author:     Szymon Kłos <szymon.klos at collabora.com>
AuthorDate: Tue Mar 19 10:07:50 2019 +0100
Commit:     Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
CommitDate: Tue Mar 19 15:02:22 2019 +0100

    Escape username
    
    In case of guest users it was possible to inject html.
    
    Change-Id: I642de3efa0fa03cd2a8d63834605f46eacd0f464
    Reviewed-on: https://gerrit.libreoffice.org/69410
    Reviewed-by: Szymon Kłos <szymon.klos at collabora.com>
    Tested-by: Szymon Kłos <szymon.klos at collabora.com>
    (cherry picked from commit 3084565981d85d5734436c3411266c529ad5d879)
    (cherry picked from commit 7176214de3177ad3ecc2f79871cca686e2683ea3)
    Reviewed-on: https://gerrit.libreoffice.org/69422
    Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
    Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>

diff --git a/loleaflet/js/toolbar.js b/loleaflet/js/toolbar.js
index da07e9a74..ea740e610 100644
--- a/loleaflet/js/toolbar.js
+++ b/loleaflet/js/toolbar.js
@@ -2119,11 +2119,16 @@ function updateUserListCount() {
 	$('#zoomlevel').html(zoomlevel);
 }
 
+function escapeHtml(input) {
+	return $('<div>').text(input).html();
+}
+
 function onAddView(e) {
+	var username = escapeHtml(e.username);
 	$('#tb_toolbar-down_item_userlist')
 		.w2overlay({
 			class: 'loleaflet-font',
-			html: userJoinedPopupMessage.replace('%user', e.username),
+			html: userJoinedPopupMessage.replace('%user', username),
 			style: 'padding: 5px'
 		});
 	clearTimeout(userPopupTimeout);
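Review bot: `escapeHtml` encodes `&`, `<` and `>` but leaves `"` and `'` untouched, so its output is safe only in element content, and this hunk does not show where `%user` sits inside `userJoinedPopupMessage`. A comment on the helper would make that limit explicit, for example `// Escapes &, < and > for element content only; quotes are not escaped, so do not use the result inside an attribute value.` Separately, `String.prototype.replace` expands `$&`-style patterns when the replacement is a string, so a username containing such sequences can garble the popup text. `.replace('%user', function () { return username; })` inserts the name literally.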
@@ -2133,7 +2138,6 @@ function onAddView(e) {
 		userPopupTimeout = null;
 	}, 3000);
 
-	var username = e.username;
 	var color = L.LOUtil.rgbToHex(map.getViewColor(e.viewId));
 	if (e.viewId === map._docLayer._viewId) {
 		username = _('You');
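Review bot: Removing the later `var username = e.username;` means the rest of `onAddView` now sees the HTML-escaped name, and the function continues outside this hunk, so how the value is used further down is not visible here. If any later sink inserts it as text rather than markup, entities such as `&amp;` would be shown literally. The `_('You')` branch also overwrites the escaped value with an unescaped translation string. Keeping the two forms apart would make each sink's expectation explicit, for example `var escapedUsername = escapeHtml(e.username);` for the popup and the raw `e.username` only where the sink escapes on its own.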

