farin

2022-02-24 11:24:22 +02:00 · 2022-02-24 11:24:22 +02:00 · 1c7b081231
commit 1c7b081231
parent 0196ef421a
8 changed files with 35 additions and 37 deletions
--- a/files/assets/js/comments_v.js
+++ b/files/assets/js/comments_v.js
@ -156,18 +156,17 @@ function post_reply(id){
 	xhr.open("post", "/reply");
 	xhr.setRequestHeader('xhr', 'xhr');
 	xhr.onload=function(){
-		if (xhr.status==200) {
+		let data
 		try {data = JSON.parse(xhr.response)}
 		catch(e) {console.log(e)}
 		if (data && data["comment"]) {
 			commentForm=document.getElementById('comment-form-space-'+id);
-			commentForm.innerHTML = xhr.response.replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '').replace('comment-collapse-desktop d-none d-md-block','d-none').replace('border-left: 2px solid','padding-left:0;border-left: 0px solid');
+			commentForm.innerHTML = data["comment"].replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '').replace('comment-collapse-desktop d-none d-md-block','d-none').replace('border-left: 2px solid','padding-left:0;border-left: 0px solid');
 			bs_trigger();
 		}
 		else {
-			document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
+			if (data && data["error"]) document.getElementById('toast-post-error-text').innerText = data["error"];
-			try{
+			else document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
 				let data = JSON.parse(xhr.response)
 				document.getElementById('toast-post-error-text').innerText = data["error"];
 			}
 			catch(e) {console.log(e)}
 			bootstrap.Toast.getOrCreateInstance(document.getElementById('toast-post-error')).show();
 		}
 		setTimeout(() => {
@ -193,18 +192,17 @@ function comment_edit(id){
 	xhr.open("post", "/edit_comment/"+id);
 	xhr.setRequestHeader('xhr', 'xhr');
 	xhr.onload=function(){
-		if (xhr.status==200) {
+		let data
 		try {data = JSON.parse(xhr.response)}
 		catch(e) {console.log(e)}
 		if (data && data["comment"]) {
 			commentForm=document.getElementById('comment-text-'+id);
-			commentForm.innerHTML = xhr.response.replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '')
+			commentForm.innerHTML = data["comment"].replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '')
 			document.getElementById('cancel-edit-'+id).click()
 		}
 		else {
-			document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
+			if (data && data["error"]) document.getElementById('toast-post-error-text').innerText = data["error"];
-			try{
+			else document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
 				let data = JSON.parse(xhr.response)
 				document.getElementById('toast-post-error-text').innerText = data["error"];
 			}
 			catch(e) {console.log(e)}
 			bootstrap.Toast.getOrCreateInstance(document.getElementById('toast-post-error')).show();
 		}
 		setTimeout(() => {
@ -232,18 +230,17 @@ function post_comment(fullname){
 	xhr.open("post", "/comment");
 	xhr.setRequestHeader('xhr', 'xhr');
 	xhr.onload=function(){
-		if (xhr.status==200) {
+		let data
 		try {data = JSON.parse(xhr.response)}
 		catch(e) {console.log(e)}
 		if (data && data["comment"]) {
 			commentForm=document.getElementById('comment-form-space-'+fullname);
-			commentForm.innerHTML = xhr.response.replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '');
+			commentForm.innerHTML = data["comment"].replace(/data-src/g, 'src').replace(/data-cfsrc/g, 'src').replace(/style="display:none;visibility:hidden;"/g, '');
 			bs_trigger();
 		}
 		else {
-			document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
+			if (data && data["error"]) document.getElementById('toast-post-error-text').innerText = data["error"];
-			try{
+			else document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
 				let data = JSON.parse(xhr.response)
 				document.getElementById('toast-post-error-text').innerText = data["error"];
 			}
 			catch(e) {console.log(e)}
 			bootstrap.Toast.getOrCreateInstance(document.getElementById('toast-post-error')).show();
 		}
 		setTimeout(() => {
--- a/files/assets/js/gif_modal.js
+++ b/files/assets/js/gif_modal.js
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@ -177,6 +177,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
 			tag["onclick"] = "expandDesktopImage(this.src);"
 			tag["data-bs-toggle"] = "modal"
 			tag["data-bs-target"] = "#expandImageModal"
 			tag['referrerpolicy'] = "no-referrer"
 	for tag in soup.find_all("a"):
 		if tag.get("href"):
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -223,7 +223,7 @@ def api_comment(v):
 						name = badge_def["name"]
 						existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none()
-						if existing: return {"error": "A badge with this name already exists!"}
+						if existing: return {"error": "A badge with this name already exists!"}, 403
 						badge = BadgeDef(name=name, description=badge_def["description"])
 						g.db.add(badge)
@ -243,7 +243,7 @@ def api_comment(v):
 						else: abort(400)
 						existing = g.db.query(Marsey.name).filter_by(name=name).one_or_none()
-						if existing: return {"error": "A marsey with this name already exists!"}
+						if existing: return {"error": "A marsey with this name already exists!"}, 403
 						marsey = Marsey(name=marsey["name"], author_id=author_id, tags=marsey["tags"], count=0)
 						g.db.add(marsey)
@ -684,7 +684,7 @@ def api_comment(v):
 	g.db.commit()
 	if request.headers.get("Authorization"): return c.json
-	return render_template("comments.html", v=v, comments=[c], ajax=True)
+	return {"comment": c.body_html}
@ -897,7 +897,7 @@ def edit_comment(cid, v):
 		g.db.commit()
-	return c.realbody(v)
+	return {"comment": c.realbody(v)}
@app.post("/delete/comment/<cid>")
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -595,7 +595,7 @@ def messagereply(v):
 			g.db.add(notif)
 	g.db.commit()
-	return render_template("comments.html", v=v, comments=[new_comment], ajax=True)
+	return {"comment": render_template("comments.html", v=v, comments=[new_comment], ajax=True)}
@app.get("/2faqr/<secret>")
@auth_required
--- a/files/templates/comments.html
+++ b/files/templates/comments.html
@ -147,7 +147,7 @@
 </div>
 {% endif %}
-{% if c.sentto and c.level > 1 %}
+{% if c.parent_comment and c.parent_comment.sentto %}
 	{% set isreply = True %}
 {% else %}
 	{% set isreply = False %}
@ -871,7 +871,7 @@
 	{% if v %}
 		<script src="/static/assets/js/marked.js?a=242"></script>
-		<script src="/static/assets/js/comments_v.js?a=257"></script>
+		<script src="/static/assets/js/comments_v.js?a=259"></script>
 	{% endif %}
 	<script src="/static/assets/js/clipboard.js?a=250"></script>
--- a/files/templates/formatting.html
+++ b/files/templates/formatting.html
@ -54,7 +54,7 @@ You can use Markdown formatting:
 		<tr>
 			<td>Images</td>
 			<td>https://i.imgur.com/Lf6dfPO.jpg</td>
-			<td><img loading="lazy" alt="example image" src="https://i.imgur.com/Lf6dfPO.jpg"></td>
+			<td><img loading="lazy" alt="example image" referrerpolicy="no-referrer" src="https://i.imgur.com/Lf6dfPO.jpg"></td>
 		</tr>
 		<tr>
 			<td>Youtube Videos</td>
@ -64,7 +64,7 @@ You can use Markdown formatting:
 		<tr>
 			<td>Video Files</td>
 			<td>https://files.catbox.moe/v4om92.mp4</td>
-			<td><video controls preload="none" class="embedvid"><source src="https://files.catbox.moe/v4om92.mp4" type="video/mp4"></video></td>
+			<td><video controls preload="none" class="embedvid"><source referrerpolicy="no-referrer" src="https://files.catbox.moe/v4om92.mp4" type="video/mp4"></video></td>
 		</tr>
 		<tr>
 			<td>Emojis</td>
@ -465,10 +465,10 @@ line breaks
 		<tr>
 			<td>Images</td>
 			<td>
-				&lt;img src="https://i.imgur.com/SwVuagI_d.webp" width="200"&gt;
+				&lt;img referrerpolicy="no-referrer" src="https://i.imgur.com/SwVuagI_d.webp" width="200"&gt;
 			</td>
 			<td>
-				<img loading="lazy" alt="example image" src="https://i.imgur.com/SwVuagI_d.webp" width="200">
+				<img loading="lazy" alt="example image" referrerpolicy="no-referrer" src="https://i.imgur.com/SwVuagI_d.webp" width="200">
 			</td>
 		</tr>
 	</tbody>
--- a/files/templates/gif_modal.html
+++ b/files/templates/gif_modal.html
@ -26,4 +26,4 @@
 	</div>
 </div>
-<script src="/static/assets/js/gif_modal.js?a=242"></script>
+<script src="/static/assets/js/gif_modal.js?a=243"></script>