mirror of https://github.com/zulip/zulip.git
web: Add missing CSS.escape calls.
Any string interpolated into a CSS selector must be CSS escaped. Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
parent
68e96bc73f
commit
e7e8062b2e
|
@ -21,7 +21,7 @@ function current_dialog_widget_id(): string {
|
|||
}
|
||||
|
||||
function current_dialog_widget_selector(): string {
|
||||
return `#${current_dialog_widget_id()}`;
|
||||
return `#${CSS.escape(current_dialog_widget_id())}`;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -316,14 +316,14 @@ $(() => {
|
|||
]);
|
||||
|
||||
const hideElement = (element: string): void => {
|
||||
const $element = $(`#${element}`);
|
||||
const $element = $(`#${CSS.escape(element)}`);
|
||||
$element.hide();
|
||||
$element.removeAttr("required");
|
||||
$(`#${element}-error`).hide();
|
||||
$(`#${CSS.escape(element)}-error`).hide();
|
||||
};
|
||||
|
||||
const showElement = (element: string): void => {
|
||||
const $element = $(`#${element}`);
|
||||
const $element = $(`#${CSS.escape(element)}`);
|
||||
$element.show();
|
||||
$element.attr("required", "required");
|
||||
};
|
||||
|
|
|
@ -50,7 +50,7 @@ function open_linkifier_edit_form(linkifier_id: number): void {
|
|||
});
|
||||
|
||||
function submit_linkifier_form(dialog_widget_id: string): void {
|
||||
const $modal = $(`#${dialog_widget_id}`);
|
||||
const $modal = $(`#${CSS.escape(dialog_widget_id)}`);
|
||||
const $change_linkifier_button = $modal.find(".dialog_submit_button");
|
||||
$change_linkifier_button.prop("disabled", true);
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ export const show_subs_pane = {
|
|||
$("#subscription_overlay .stream-info-title").html(render_selected_stream_title({sub}));
|
||||
}
|
||||
update_footer_buttons(container_name);
|
||||
$(`.${container_name}`).show();
|
||||
$(`.${CSS.escape(container_name)}`).show();
|
||||
$(".nothing-selected, .settings, #stream-creation").hide();
|
||||
$("#stream-creation").show();
|
||||
},
|
||||
|
|
|
@ -65,7 +65,7 @@ export function confirm_deactivation(
|
|||
const html_body = render_settings_deactivation_user_modal(opts);
|
||||
|
||||
function set_email_field_visibility(dialog_widget_id: string): void {
|
||||
const $modal = $(`#${dialog_widget_id}`);
|
||||
const $modal = $(`#${CSS.escape(dialog_widget_id)}`);
|
||||
const $send_email_checkbox = $modal.find(".send_email");
|
||||
const $email_field = $modal.find(".email_field");
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ export const show_user_group_settings_pane = {
|
|||
);
|
||||
}
|
||||
update_footer_buttons(container_name);
|
||||
$(`.${container_name}`).show();
|
||||
$(`.${CSS.escape(container_name)}`).show();
|
||||
$("#groups_overlay .nothing-selected, #groups_overlay .settings").hide();
|
||||
reset_active_group_id();
|
||||
$("#user-group-creation").show();
|
||||
|
|
Loading…
Reference in New Issue