Excape HTML (where needed, for bootbox) (references #996)
@@ -172,10 +172,12 @@ function animateCSS(selector, animationName, callback, speed = "faster")
|
||||
|
||||
nodes.on('animationend', handleAnimationEnd);
|
||||
}
|
||||
|
||||
function RandomString()
|
||||
{
|
||||
return Math.random().toString(36).substring(2, 100) + Math.random().toString(36).substring(2, 100);
|
||||
}
|
||||
|
||||
function getQRCodeForContent(url)
|
||||
{
|
||||
var qr = qrcode(0, 'L');
|
||||
@@ -183,6 +185,7 @@ function getQRCodeForContent(url)
|
||||
qr.make();
|
||||
return qr.createImgTag(10, 5);
|
||||
}
|
||||
|
||||
function getQRCodeForAPIKey(apikey_type, apikey_key)
|
||||
{
|
||||
var content = U('/api') + '|' + apikey_key;
|
||||
@@ -192,3 +195,8 @@ function getQRCodeForAPIKey(apikey_type, apikey_key)
|
||||
}
|
||||
return getQRCodeForContent(content);
|
||||
}
|
||||
|
||||
function SanitizeHtml(input)
|
||||
{
|
||||
return $("<div/>").text(input).html();
|
||||
}
|
||||
|
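Review bot: `SanitizeHtml` is an HTML encoder rather than a sanitizer, and the round trip through `.text(input).html()` encodes only `&`, `<` and `>`; single and double quotes pass through unchanged. That is sufficient for the bootbox message bodies this commit feeds it into, but the result is not safe if a later caller concatenates it into a quoted attribute value. I would state that contract on the function, for example `// HTML-encodes input for use as element content only; quotes are not escaped, so never place the result inside an attribute value`, and consider a name such as `EscapeHtml` in a follow-up so the helper is not mistaken for a filter that makes arbitrary markup safe.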
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.battery-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-battery-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-battery-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-battery-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
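Review bot: Escaping `objectName` at the point of assignment means every later use of the variable in this handler receives the encoded string, not only the bootbox message. The handler body continues past the end of the hunk, so it is not visible whether the name also reaches a text-only sink, where it would appear with literal `&lt;`-style entities. The product picker and `#clear-shopping-list` hunks in this commit escape at the sink instead, which keeps the raw value intact and shows the encoding where the HTML is built. I would keep `var objectName = $(e.currentTarget).attr('data-battery-name');` and pass `SanitizeHtml(objectName)` where the confirm message is assembled. The same pattern recurs in the chore, equipment, location, recipe, product-group, product, quantity-unit, recipe-pos, recipe-include, shopping-list, shopping-location, task-category, task, userentity, userfield and user handlers.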
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.chore-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-chore-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-chore-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-chore-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -162,7 +162,7 @@ $('#product_id_text_input').on('blur', function(e)
|
||||
|
||||
Grocy.Components.ProductPicker.PopupOpen = true;
|
||||
bootbox.dialog({
|
||||
message: __t('"%s" could not be resolved to a product, how do you want to proceed?', input),
|
||||
message: __t('"%s" could not be resolved to a product, how do you want to proceed?', SanitizeHtml(input)),
|
||||
title: __t('Create or assign product'),
|
||||
onEscape: function()
|
||||
{
|
||||
|
@@ -68,7 +68,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.equipment-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-equipment-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-equipment-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-equipment-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.location-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-location-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-location-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-location-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -563,7 +563,7 @@ $(document).on('click', '.recipe-order-missing-button', function(e)
|
||||
// to prevent that the tooltip stays until clicked anywhere else
|
||||
document.activeElement.blur();
|
||||
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-id');
|
||||
var button = $(this);
|
||||
var servings = $(e.currentTarget).attr('data-mealplan-servings');
|
||||
@@ -667,7 +667,7 @@ $(document).on('click', '.recipe-consume-button', function(e)
|
||||
// to prevent that the tooltip stays until clicked anywhere else
|
||||
document.activeElement.blur();
|
||||
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-id');
|
||||
var servings = $(e.currentTarget).attr('data-mealplan-servings');
|
||||
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.product-group-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-group-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-group-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-group-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -38,7 +38,7 @@ if (typeof GetUriParam("product-group") !== "undefined")
|
||||
|
||||
$(document).on('click', '.product-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-product-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-product-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-product-id');
|
||||
|
||||
Grocy.Api.Get('stock/products/' + objectId,
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.quantityunit-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-quantityunit-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-quantityunit-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-quantityunit-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -126,7 +126,7 @@ $('#recipe-form input').keydown(function(event)
|
||||
|
||||
$(document).on('click', '.recipe-pos-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-pos-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-pos-id');
|
||||
|
||||
bootbox.confirm({
|
||||
@@ -163,7 +163,7 @@ $(document).on('click', '.recipe-pos-delete-button', function(e)
|
||||
|
||||
$(document).on('click', '.recipe-include-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-include-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-include-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-include-id');
|
||||
|
||||
bootbox.confirm({
|
||||
@@ -200,7 +200,7 @@ $(document).on('click', '.recipe-include-delete-button', function(e)
|
||||
|
||||
$(document).on('click', '.recipe-pos-show-note-button', function(e)
|
||||
{
|
||||
var note = $(e.currentTarget).attr('data-recipe-pos-note');
|
||||
var note = SanitizeHtml($(e.currentTarget).attr('data-recipe-pos-note'));
|
||||
|
||||
bootbox.alert(note);
|
||||
});
|
||||
|
@@ -81,7 +81,7 @@ $(".recipe-delete").on('click', function(e)
|
||||
{
|
||||
e.preventDefault();
|
||||
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-id');
|
||||
|
||||
bootbox.confirm({
|
||||
@@ -118,7 +118,7 @@ $(".recipe-delete").on('click', function(e)
|
||||
|
||||
$(document).on('click', '.recipe-shopping-list', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-id');
|
||||
|
||||
bootbox.confirm({
|
||||
@@ -164,7 +164,7 @@ $(document).on('click', '.recipe-shopping-list', function(e)
|
||||
|
||||
$(".recipe-consume").on('click', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-recipe-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-recipe-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-recipe-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -77,7 +77,7 @@ $(".status-filter-message").on("click", function()
|
||||
|
||||
$("#delete-selected-shopping-list").on("click", function()
|
||||
{
|
||||
var objectName = $("#selected-shopping-list option:selected").text();
|
||||
var objectName = SanitizeHtml($("#selected-shopping-list option:selected").text());
|
||||
var objectId = $("#selected-shopping-list").val();
|
||||
|
||||
bootbox.confirm({
|
||||
@@ -158,7 +158,7 @@ $(document).on('click', '#add-products-below-min-stock-amount', function(e)
|
||||
$(document).on('click', '#clear-shopping-list', function(e)
|
||||
{
|
||||
bootbox.confirm({
|
||||
message: __t('Are you sure to empty shopping list "%s"?', $("#selected-shopping-list option:selected").text()),
|
||||
message: __t('Are you sure to empty shopping list "%s"?', SanitizeHtml($("#selected-shopping-list option:selected").text())),
|
||||
closeButton: false,
|
||||
buttons: {
|
||||
confirm: {
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.shoppinglocation-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-shoppinglocation-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-shoppinglocation-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-shoppinglocation-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.task-category-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-category-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-category-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-category-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -119,7 +119,7 @@ $(document).on('click', '.delete-task-button', function(e)
|
||||
{
|
||||
e.preventDefault();
|
||||
|
||||
var objectName = $(e.currentTarget).attr('data-task-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-task-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-task-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.userentity-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-userentity-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-userentity-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-userentity-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -33,7 +33,7 @@ $("#entity-filter").on("change", function()
|
||||
|
||||
$(document).on('click', '.userfield-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-userfield-name');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-userfield-name'));
|
||||
var objectId = $(e.currentTarget).attr('data-userfield-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|
@@ -21,7 +21,7 @@ $("#search").on("keyup", Delay(function()
|
||||
|
||||
$(document).on('click', '.user-delete-button', function(e)
|
||||
{
|
||||
var objectName = $(e.currentTarget).attr('data-user-username');
|
||||
var objectName = SanitizeHtml($(e.currentTarget).attr('data-user-username'));
|
||||
var objectId = $(e.currentTarget).attr('data-user-id');
|
||||
|
||||
bootbox.confirm({
|
||||
|