Forbid HTML injection using jQuery (#29843)

See
https://github.com/wikimedia/eslint-plugin-no-jquery/blob/master/docs/rules/no-append-html.md

Tested the following components and they work as before:
- notification table
- issue author dropdown
- comment edit box attachments div

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Yarden Shoham 2024-03-16 15:25:27 +02:00 committed by GitHub
parent c6e5ec51bd
commit f9b4efd42c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 12 additions and 9 deletions


@ -125,7 +125,9 @@ function initRepoIssueListAuthorDropdown() {
if (newMenuHtml) {
const $newMenuItems = $(newMenuHtml);
$newMenuItems.addClass('dynamic-item');
$menu.append('<div class="divider dynamic-item"></div>', ...$newMenuItems);
const div = document.createElement('div');
div.classList.add('divider', 'dynamic-item');
$menu[0].append(div, ...$newMenuItems);
}
$searchDropdown.dropdown('refresh');
// defer our selection to the next tick, because dropdown will set the selection item after this `menu` function
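Review bot: `$(newMenuHtml)` two lines above the new `append` call still parses a string as HTML, so this hunk only replaces the literal divider markup and the dynamic menu items remain an HTML-string sink that the no-append-html rule does not see. Where `newMenuHtml` is assembled is outside the hunk; if it can contain author names or other user-supplied text, that text has to be escaped at the point of assembly, and a comment such as `// newMenuHtml is parsed as HTML here; every interpolated value must already be escaped` would record the requirement. Separately, `$menu[0].append(...)` throws a TypeError when `$menu` matches no element, whereas the old jQuery `.append` was a silent no-op; `$menu[0]?.append(div, ...$newMenuItems);` keeps the earlier behaviour. The body of initRepoIssueListAuthorDropdown starts and ends outside the hunk.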