Protect againt XSS in tui calendar

pull/1/head
yflory 4 years ago
parent c98dfd29c7
commit 33c9a2d395

@ -149,7 +149,7 @@ Messages.calendar_dateTimeRange = "{0} {1} - {2}";
if (!md) { return void console.error('Ignore calendar without metadata'); } if (!md) { return void console.error('Ignore calendar without metadata'); }
return { return {
id: id, id: id,
name: Util.fixHTML(md.title), name: md.title,
color: getContrast(md.color), color: getContrast(md.color),
bgColor: md.color, bgColor: md.color,
dragBgColor: md.color, dragBgColor: md.color,
@ -165,8 +165,8 @@ Messages.calendar_dateTimeRange = "{0} {1} - {2}";
var data = c.content || {}; var data = c.content || {};
Object.keys(data.content || {}).forEach(function (uid) { Object.keys(data.content || {}).forEach(function (uid) {
var obj = data.content[uid]; var obj = data.content[uid];
obj.title = Util.fixHTML(obj.title || ""); obj.title = obj.title || "";
obj.location = Util.fixHTML(obj.location || ""); obj.location = obj.location || "";
if (c.readOnly) { if (c.readOnly) {
obj.isReadOnly = true; obj.isReadOnly = true;
} }
@ -223,6 +223,9 @@ Messages.calendar_dateTimeRange = "{0} {1} - {2}";
popupSave: function () { popupSave: function () {
return Messages.settings_save; return Messages.settings_save;
}, },
popupDetailLocation: function(schedule) {
return 'Location : ' + Util.fixHTML(schedule.location); // XXX
},
timegridDisplayTime: getTime, timegridDisplayTime: getTime,
timegridDisplayPrimaryTime: getTime, timegridDisplayPrimaryTime: getTime,
popupDetailDate: function(isAllDay, start, end) { popupDetailDate: function(isAllDay, start, end) {

Loading…
Cancel
Save