skorotkiewicz/yosup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use html template tags to escape user input

Browse source 
Merged safe html changes from Steven.
This commit is contained in:
Steven 2022-12-19 22:47:47 -08:00 committed by Thomas Mathews
parent 7954c75841
commit 7a3a4077e8
4 changed files with 77 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/js/ui/fmt.js
View file

@ -7,21 +7,21 @@ function linkify(text="", show_media=false) {
} catch (err) {
return match;
}
let html;
let markup;
if (show_media && is_img_url(parsed.pathname)) {
html = `
markup = html`
<img class="inline-img clickable" src="${url}" onclick="open_media_preview('${url}', 'image')"/>
`;
} else if (show_media && is_video_url(parsed.pathname)) {
html = `
markup = html`
<video controls class="inline-img" />
<source src="${url}">
</video>
`;
} else {
html = `<a target="_blank" rel="noopener noreferrer" href="${url}">${url}</a>`;
markup = html`<a target="_blank" rel="noopener noreferrer" href="${url}">${url}</a>`;
}
return p1+html;
return p1+markup;
})
}