diff --git a/www/common/common-interface.js b/www/common/common-interface.js index b2cd042a8..20eb1d536 100644 --- a/www/common/common-interface.js +++ b/www/common/common-interface.js @@ -1036,7 +1036,7 @@ define([ } }, //arrowType: 'round', - dynamicTitle: true, + dynamicTitle: false, arrowTransform: 'scale(2)', zIndex: 100000001 }); @@ -1053,6 +1053,10 @@ define([ }).forEach(function (obj) { opts[obj.name.slice(11)] = obj.value; }); + if (!el.getAttribute('data-cptippy-html') && !el.fixHTML) { + el.setAttribute('title', Util.fixHTML(el.getAttribute('title'))); // fixHTML + el.fixHTML = true; // Don't clean HTML twice on the same element + } Tippy(el, opts); }; // This is the robust solution to remove dangling tooltips @@ -1075,6 +1079,7 @@ define([ } } if (mutation.type === "attributes" && mutation.attributeName === "title") { + mutation.target.fixHTML = false; addTippy(0, mutation.target); } }); diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 068c60c31..fe28eb6d0 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -2754,6 +2754,7 @@ define([ var origin = privateData.origin; var createHelper = function (href, text) { var q = h('a.cp-creation-help.fa.fa-question-circle', { + 'data-cptippy-html': true, title: text, href: origin + href, target: "_blank", diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js index 6638e02db..57e40ffdb 100644 --- a/www/common/drive-ui.js +++ b/www/common/drive-ui.js @@ -1903,7 +1903,8 @@ define([ } if (data.filename && data.filename !== data.title) { var $renamed = $renamedIcon.clone().appendTo($state); - $renamed.attr('title', Messages._getKey('fm_renamedPad', [data.title])); + $renamed.attr('data-cptippy-html', 'true'); + $renamed.attr('title', Messages._getKey('fm_renamedPad', [Util.fixHTML(data.title)])); } if (hrefData.hashData && hrefData.hashData.password) { var $password = $passwordIcon.clone().appendTo($state); @@ -2407,6 +2408,7 @@ define([ var createHelper = function (href, text) { var q = h('a.fa.fa-question-circle', { style: 'text-decoration: none !important;', + 'data-cptippy-html': true, title: text, href: APP.origin + href, target: "_blank", @@ -2818,7 +2820,7 @@ define([ var getProp = function (el) { if (folder && root[el] && manager.isSharedFolder(root[el])) { var title = manager.getSharedFolderData(root[el]).title || el; - return title.toLowerCase(); + return String(title).toLowerCase(); } else if (folder) { return el.toLowerCase(); } diff --git a/www/common/messenger-ui.js b/www/common/messenger-ui.js index 4a64f186e..a21a84fad 100644 --- a/www/common/messenger-ui.js +++ b/www/common/messenger-ui.js @@ -831,7 +831,6 @@ define([ var md = common.getMetadataMgr().getMetadata(); var name = md.title || md.defaultTitle; $userlist.find(dataQuery(padChat)).find('.cp-app-contacts-name').text(name); - $userlist.find(dataQuery(padChat)).attr('title', name); $messages.find(dataQuery(padChat) + ' .cp-app-contacts-header .cp-app-contacts-name') .text(name); diff --git a/www/common/outer/mailbox-handlers.js b/www/common/outer/mailbox-handlers.js index 290614718..7677614ec 100644 --- a/www/common/outer/mailbox-handlers.js +++ b/www/common/outer/mailbox-handlers.js @@ -26,11 +26,6 @@ define([ // Old format: data was stored directly in "content" var userData = data.msg.content.user || data.msg.content; - // Check if the request is valid (send by the correct user) - if (data.msg.author !== userData.curvePublic) { - return void cb(true); - } - if (isMuted(ctx, data)) { return void cb(true); } // Don't show duplicate friend request: if we already have a friend request @@ -174,7 +169,7 @@ define([ }; handlers['UNFRIEND'] = function (ctx, box, data, cb) { - var curve = data.msg.content.curvePublic; + var curve = data.msg.author; var friend = Messaging.getFriend(ctx.store.proxy, curve); if (!friend) { return void cb(true); } delete ctx.store.proxy.friends[curve]; @@ -262,8 +257,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } - if (isMuted(ctx, data)) { return void cb(true); } var channel = content.channel; @@ -292,8 +285,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } - var channel = content.channel; var res = ctx.store.manager.findChannel(channel, true); @@ -315,8 +306,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } - if (isMuted(ctx, data)) { return void cb(true); } if (!content.teamChannel && !(content.href && content.title && content.channel)) { @@ -345,7 +334,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } if (!content.channel && !content.teamChannel) { console.log('Remove invalid notification'); return void cb(true); @@ -375,8 +363,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } - if (isMuted(ctx, data)) { return void cb(true); } if (!content.team) { @@ -418,7 +404,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } if (!content.teamChannel) { console.log('Remove invalid notification'); return void cb(true); @@ -435,7 +420,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } if (!content.teamChannel) { console.log('Remove invalid notification'); return void cb(true); @@ -471,7 +455,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } if (!content.teamData) { console.log('Remove invalid notification'); return void cb(true); @@ -505,7 +488,6 @@ define([ var msg = data.msg; var content = msg.content; - if (msg.author !== content.user.curvePublic) { return void cb(true); } if (!content.channel) { console.log('Remove invalid notification'); return void cb(true); @@ -652,6 +634,12 @@ define([ } */ if (!data.msg) { return void cb(true); } + + // Check if the request is valid (sent by the correct user) + var curve = Util.find(data, ['msg', 'content', 'user', 'curvePublic']) || + Util.find(data, ['msg', 'content', 'curvePublic']); + if (curve && data.msg.author !== curve) { console.error('blocked'); return void cb(true); } + var type = data.msg.type; if (handlers[type]) { diff --git a/www/common/proxy-manager.js b/www/common/proxy-manager.js index e1cb4c11e..e272070a4 100644 --- a/www/common/proxy-manager.js +++ b/www/common/proxy-manager.js @@ -1256,7 +1256,7 @@ define([ var getTitle = function (Env, id, type) { var uo = _getUserObjectFromId(Env, id); - return uo.getTitle(id, type); + return String(uo.getTitle(id, type)); }; var isReadOnlyFile = function (Env, id) { diff --git a/www/common/sframe-common-codemirror.js b/www/common/sframe-common-codemirror.js index dc046cd62..e6ed9ded2 100644 --- a/www/common/sframe-common-codemirror.js +++ b/www/common/sframe-common-codemirror.js @@ -509,11 +509,12 @@ define([ var cursorPosS = posToCursor(cursor.selectionStart, doc); var el = makeCursor(id); if (cursor.color) { - $(el).css('border-color', cursor.color); - $(el).css('background-color', cursor.color); + $(el).css('border-color', cursor.color) + .css('background-color', cursor.color); } if (cursor.name) { - $(el).attr('title', makeTippy(cursor)); + $(el).attr('title', makeTippy(cursor)) + .attr('data-cptippy-html', true); } marks[id] = editor.setBookmark(cursorPosS, { widget: el }); } else { @@ -524,6 +525,7 @@ define([ : 'background-color: rgba(255,0,0,0.2)'; marks[id] = editor.markText(pos1, pos2, { css: css, + 'data-cptippy-html': true, title: makeTippy(cursor), className: 'cp-tippy-html' }); diff --git a/www/common/toolbar3.js b/www/common/toolbar3.js index 09f7784a6..e2be585d1 100644 --- a/www/common/toolbar3.js +++ b/www/common/toolbar3.js @@ -312,7 +312,8 @@ MessengerUI, Messages) { } else if (friendRequests[data.curvePublic]) { $('