htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Escape text passed in collection sorting

Browse Source 
Previously, the ID and title of tips and exercises newly added to the list were gathered from the DOM. While we keep this mechanism, we ensure to escape the text before reusing it.
This commit is contained in:
Sebastian Serth
2024-03-25 23:36:28 +01:00
committed by Dominic Sauer
parent 2c28e8616a
commit dfa970664d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/exercise_collections.js
View File

@ -167,7 +167,7 @@ $(document).on('turbolinks:load', function() {
} }
var addExercise = function (id, title) { var addExercise = function (id, title) {
var exercise = {id: id, title: title} var exercise = {id: _.escape(id), title: _.escape(title)}
var collectionExercises = collectContainedExercises(); var collectionExercises = collectContainedExercises();
if (collectionExercises.indexOf(exercise.id) === -1) { if (collectionExercises.indexOf(exercise.id) === -1) {
// only add exercises that are not already contained in the collection // only add exercises that are not already contained in the collection

2
app/assets/javascripts/exercises.js
View File

@ -225,7 +225,7 @@ $(document).on('turbolinks:load', function () {
$('.remove-tip').on('click', removeTip); $('.remove-tip').on('click', removeTip);
function addTip(id, title) { function addTip(id, title) {
const tip = {id: id, title: title} const tip = {id: _.escape(id), title: _.escape(title)}
const template = const template =
'<div class="list-group-item d-block" data-tip-id=' + tip.id + ' data-id="">' + '<div class="list-group-item d-block" data-tip-id=' + tip.id + ' data-id="">' +
'<span class="fa-solid fa-bars me-3"></span>' + tip.title + '<span class="fa-solid fa-bars me-3"></span>' + tip.title +