Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

web: Add missing CSS.escape calls. 

Any string interpolated into a CSS selector must be CSS escaped.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2024-10-03 14:03:21 -07:00 committed by Tim Abbott
parent 68e96bc73f
commit e7e8062b2e
6 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/dialog_widget.ts
View File

@ -21,7 +21,7 @@ function current_dialog_widget_id(): string {
}
function current_dialog_widget_selector(): string {
return `#${current_dialog_widget_id()}`;
return `#${CSS.escape(current_dialog_widget_id())}`;
}
/*

6
web/src/portico/signup.ts
View File

@ -316,14 +316,14 @@ $(() => {
]);
const hideElement = (element: string): void => {
const $element = $(`#${element}`);
const $element = $(`#${CSS.escape(element)}`);
$element.hide();
$element.removeAttr("required");
$(`#${element}-error`).hide();
$(`#${CSS.escape(element)}-error`).hide();
};
const showElement = (element: string): void => {
const $element = $(`#${element}`);
const $element = $(`#${CSS.escape(element)}`);
$element.show();
$element.attr("required", "required");
};

2
web/src/settings_linkifiers.ts
View File

@ -50,7 +50,7 @@ function open_linkifier_edit_form(linkifier_id: number): void {
});
function submit_linkifier_form(dialog_widget_id: string): void {
const $modal = $(`#${dialog_widget_id}`);
const $modal = $(`#${CSS.escape(dialog_widget_id)}`);
const $change_linkifier_button = $modal.find(".dialog_submit_button");
$change_linkifier_button.prop("disabled", true);

2
web/src/stream_settings_components.js
View File

@ -54,7 +54,7 @@ export const show_subs_pane = {
$("#subscription_overlay .stream-info-title").html(render_selected_stream_title({sub}));
}
update_footer_buttons(container_name);
$(`.${container_name}`).show();
$(`.${CSS.escape(container_name)}`).show();
$(".nothing-selected, .settings, #stream-creation").hide();
$("#stream-creation").show();
},

2
web/src/user_deactivation_ui.ts
View File

@ -65,7 +65,7 @@ export function confirm_deactivation(
const html_body = render_settings_deactivation_user_modal(opts);
function set_email_field_visibility(dialog_widget_id: string): void {
const $modal = $(`#${dialog_widget_id}`);
const $modal = $(`#${CSS.escape(dialog_widget_id)}`);
const $send_email_checkbox = $modal.find(".send_email");
const $email_field = $modal.find(".email_field");

2
web/src/user_group_components.ts
View File

@ -100,7 +100,7 @@ export const show_user_group_settings_pane = {
);
}
update_footer_buttons(container_name);
$(`.${container_name}`).show();
$(`.${CSS.escape(container_name)}`).show();
$("#groups_overlay .nothing-selected, #groups_overlay .settings").hide();
reset_active_group_id();
$("#user-group-creation").show();