From b44bd01bc5d49b1f098854e88cb2f472fac402a9 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 14 Jun 2021 17:29:53 +0530 Subject: [PATCH 1/2] lint compliance --- www/common/sframe-common.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/common/sframe-common.js b/www/common/sframe-common.js index 6c77fc8f9..4da01a0dd 100644 --- a/www/common/sframe-common.js +++ b/www/common/sframe-common.js @@ -448,7 +448,7 @@ define([ } }; funcs.createPad = function (cfg, cb) { - var priv = ctx.metadataMgr.getPrivateData(); + //var priv = ctx.metadataMgr.getPrivateData(); if (AppConfig.disableAnonymousPadCreation && !funcs.isLoggedIn()) { return void UI.errorLoadingScreen(Messages.mustLogin); } From ceebb9913499b29c97c09339db3506dcee27d3f3 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 14 Jun 2021 17:31:53 +0530 Subject: [PATCH 2/2] sanitize your own accountName --- www/common/common-ui-elements.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index df7a0ccb1..7ae0b4a61 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -1650,7 +1650,7 @@ define([ var $displayedName = $('', {'class': displayNameCls}); var priv = metadataMgr.getPrivateData(); - var accountName = priv.accountName; + var accountName = Util.fixHTML(priv.accountName); var origin = priv.origin; var padType = metadataMgr.getMetadata().type; @@ -1660,7 +1660,8 @@ define([ var $userAdminContent = $('

'); if (accountName) { var $userAccount = $('').append(Messages.user_accountName + ': '); - $userAdminContent.append($userAccount).append(Util.fixHTML(accountName)); + + $userAdminContent.append($userAccount).append(accountName); $userAdminContent.append($('
')); } if (config.displayName && !AppConfig.disableProfile) {