author | Vitaly Takmazov | 2016-07-07 16:56:21 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-07-07 16:56:21 +0300 |
commit | 92b4d10aff738c18dee7e2d8d4d394904ccd6259 (patch) | |
tree | 50dfe588bf9be0576b1601c0dcb065db3bbfc63d /juick-www/src | |
parent | 7f3a7535bc07af003a148618b4b1d4b936dcd7db (diff) |
backport xss fix from develop
Diffstat (limited to 'juick-www/src')
-rw-r--r-- | juick-www/src/webapp/scripts.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/juick-www/src/webapp/scripts.js b/juick-www/src/webapp/scripts.js
index 32427e1e..93594f71 100644
--- a/juick-www/src/webapp/scripts.js
+++ b/juick-www/src/webapp/scripts.js
@@ -76,11 +76,11 @@ function wsIncomingReply(msg) {
 '<div class="msg-menu"><a href="#" onclick="showMessageLinksDialog('+msg.mid+','+msg.rid+'); return false"></a></div>'+
 '<div class="msg-header"><a href="/'+msg.user.uname+'/">@'+msg.user.uname+'</a>:</div>'+
 '<div class="msg-ts"><a href="/'+msg.mid+'#'+msg.rid+'" title="'+msg.timestamp+' GMT">'+msg.timestamp+'</a></div>'+
- '<div class="msg-txt">'+msg.body+'</div>'+
+ '<div class="msg-txt"></div>'+
 '<div class="msg-links"><a href="#" onclick="return showCommentForm('+msg.mid+','+msg.rid+')">Ответить</a></div>'+
 '<div class="msg-comment" style="display: none"></div>'+
 '</div>');
-
+ $(li).find('.msg-txt').text(msg.body);
 if(p) {
 li.css('margin-left',parseInt(p.css('margin-left'))+20+'px');
 p.after(li);
 |
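Review bot: `msg.user.uname`, `msg.timestamp`, `msg.mid` and `msg.rid` are still concatenated into the markup in the context lines around the fix, including inside `href`, `title` and inline `onclick` attributes, so this change takes only `msg.body` out of the HTML parser. Whether the server constrains those fields is not visible here; if it does not, they need the same treatment: leave the placeholders empty in the template and fill them afterwards, e.g. `li.find('.msg-header a').attr('href', '/' + encodeURIComponent(msg.user.uname) + '/').text('@' + msg.user.uname);`, and coerce the ids with `Number(...)` before they reach the `onclick` strings. `li` already appears to be a jQuery object (`li.css(...)` is called on it just below), so `$(li)` can be plain `li`. The body of `wsIncomingReply` starts and ends outside the hunk.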