authorGravatar Vitaly Takmazov2016-07-07 16:56:21 +0300
committerGravatar Vitaly Takmazov2016-07-07 16:56:21 +0300
commit92b4d10aff738c18dee7e2d8d4d394904ccd6259 (patch)
tree50dfe588bf9be0576b1601c0dcb065db3bbfc63d /juick-www/src/webapp
parent7f3a7535bc07af003a148618b4b1d4b936dcd7db (diff)
backport xss fix from develop
Diffstat (limited to 'juick-www/src/webapp')
-rw-r--r--juick-www/src/webapp/scripts.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/juick-www/src/webapp/scripts.js b/juick-www/src/webapp/scripts.js
index 32427e1e..93594f71 100644
--- a/juick-www/src/webapp/scripts.js
+++ b/juick-www/src/webapp/scripts.js
@@ -76,11 +76,11 @@ function wsIncomingReply(msg) {
'<div class="msg-menu"><a href="#" onclick="showMessageLinksDialog('+msg.mid+','+msg.rid+'); return false"></a></div>'+
'<div class="msg-header"><a href="/'+msg.user.uname+'/">@'+msg.user.uname+'</a>:</div>'+
'<div class="msg-ts"><a href="/'+msg.mid+'#'+msg.rid+'" title="'+msg.timestamp+' GMT">'+msg.timestamp+'</a></div>'+
- '<div class="msg-txt">'+msg.body+'</div>'+
+ '<div class="msg-txt"></div>'+
'<div class="msg-links"><a href="#" onclick="return showCommentForm('+msg.mid+','+msg.rid+')">Ответить</a></div>'+
'<div class="msg-comment" style="display: none"></div>'+
'</div>');
-
+ $(li).find('.msg-txt').text(msg.body);
if(p) {
li.css('margin-left',parseInt(p.css('margin-left'))+20+'px');
p.after(li);
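Review bot: The reply template still concatenates `msg.user.uname`, `msg.timestamp`, `msg.mid` and `msg.rid` into the HTML string, including inside the `href`/`title` attributes and the inline `onclick` handlers, so the new `.text()` call covers only `msg.body`. If the server does not strictly constrain those fields (not visible from this hunk), the same injection class remains. Set them after construction as well, e.g. `li.find('.msg-header a').attr('href', '/' + encodeURIComponent(msg.user.uname) + '/').text('@' + msg.user.uname);`, and coerce the ids with `parseInt(msg.mid, 10)` / `parseInt(msg.rid, 10)` before they reach the `onclick` strings. Separately, `.text()` renders the body as plain text, so any markup the server used to send in `msg.body` (links, line breaks) will now appear literally; it is worth confirming that this is intended. `wsIncomingReply` starts before and continues past this hunk, so how `li` is built and where `msg` is parsed are not visible here.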