Fixing DOM XSS issues, upload issues, and usability issues

2025-12-18 22:44:24 +01:00 · 2015-03-16 16:03:58 -04:00
parent 95e015abe6
commit ac83c8a576
9 changed files with 53 additions and 24 deletions
--- a/static/js/scoreboard.js
+++ b/static/js/scoreboard.js
@@ -9,12 +9,16 @@ String.prototype.format = String.prototype.f = function() {
    return s;
 };

+function htmlentities(string) {
+    return $('<div/>').text(string).html();
+}
+
 function updatescores () {
  $.get('/scores', function( data ) {
    teams = $.parseJSON(JSON.stringify(data));
    $('#scoreboard > tbody').empty()
    for (var i = 0; i < teams['teams'].length; i++) {
-      row = "<tr><td>{0}</td><td><a href='/team/{1}'>{2}</a></td><td>{3}</td></tr>".format(i+1, teams['teams'][i].id, teams['teams'][i].name, teams['teams'][i].score)
+      row = "<tr><td>{0}</td><td><a href='/team/{1}'>{2}</a></td><td>{3}</td></tr>".format(i+1, teams['teams'][i].id, htmlentities(teams['teams'][i].name), teams['teams'][i].score)
      $('#scoreboard > tbody').append(row)
    };
  });