From 789bc3ecc1f1967e28a79c5963713bb7dff0ac69 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Thu, 7 Jul 2016 14:17:48 +0200
Subject: [PATCH] keep people from derping themselves

localStorage XSS? yup. that happened
---
 customize.dist/main.js | 49 ++++++++++++++++++++++++++----------------
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git a/customize.dist/main.js b/customize.dist/main.js
index 7137a3ab0..e53dd66e4 100644
--- a/customize.dist/main.js
+++ b/customize.dist/main.js
@@ -6,6 +6,7 @@ define([
 ], function (DecorateToolbar, Cryptpad, LilUri) {
     var $ = window.$;
     DecorateToolbar.main($('#bottom-bar'));
+    Cryptpad.styleAlerts();
 
     var $table = $('table.scroll');
     var $tbody = $table.find('tbody');
@@ -62,27 +63,37 @@ define([
 
             var id = 'pad-'+index;
 
-            $tbody.append('<tr id="'+id+'">' +
-               '<td>' + name + '</td>' +
-               //'<td>' + title + '</td>' +
-               '<td><a href="' + pad.href + '" title="'+ pad.title + '">' + shortTitle + '</a></td>' +
-               '<td>' + created + '</td>' + // created
-               '<td>' + date + '</td>' +
-               '<td class="remove" title="forget \''+shortTitle+'\'">✖</td>'+
-               '</tr>');
-
-            var $row = $('#'+id);
-            $row.find('.remove').click(function () {
-                if (!window.confirm("Are you sure you'd like to forget this pad (" + shortTitle + ")?")) { return; }
-                forgetPad(pad.href);
-                $row.fadeOut(750, function () {
-                    $row.remove();
-                    if (!$table.find('tr').find('td').length) {
-                        $table.remove();
-                        $tryit.text("Try it out!");
-                    }
+            var $row = $('<tr>', {
+                id: id
+            });
+
+            var $remove = $('<td>', {
+                'class': 'remove',
+                title: "forget '"+shortTitle + "'"
+            }).text('✖').click(function () {
+                Cryptpad.confirm("Are you sure you'd like to forget this pad (" + shortTitle + ")?", function (yes) {
+                    if (!yes) { return; }
+                    forgetPad(pad.href);
+                    $row.fadeOut(750, function () {
+                        $row.remove();
+                        if (!$table.find('tr').find('td').length) {
+                            $table.remove();
+                            $tryit.text("Try it out!");
+                        }
+                    });
                 });
             });
+
+            $row
+                .append($('<td>').text(name))
+                .append($('<td>').append($('<a>', {
+                    href: pad.href,
+                    title: pad.title,
+                }).text(shortTitle)))
+                .append($('<td>').text(created))
+                .append($('<td>').text(date))
+                .append($remove);
+            $tbody.append($row);
         });
     };