XSS fix, books only shows title with out color atm...

2020-03-28 04:03:36 +01:00
parent 1d9e4fa598
commit 135e877fa8
6 changed files with 35 additions and 18 deletions
--- a/it1/js/converters/bok.js
+++ b/it1/js/converters/bok.js
@@ -11,14 +11,26 @@ class Book {
    toString() {
        return this.title+' av '+this.author+', terningkast '+this.rating+', utgitt '+this.published.toString().slice(0,15)+', forlag; '+this.publisher
    }
-    toHtml(user=false) {
-        let span = function(string, color='red') {
-            return '<span style="color: '+color+'">'+string+'</span>'
+    toHtml(elm) {
+        let span = function(selector, string, color='red') {
+            $($(selector)[$(selector).length-1]).append('<span style="color: '+color+'"></span>')
+            //$($(selector+' > span')[$(selector+' > span').length-1])
        }
+        let user = firebase.auth().currentUser
+        elm.append('<p class="book"></p>', this.title)
+        span('.book')
+        //.text(this.toString())
+        if (user) {
+            $($('.kommentar')[$('.kommentar').length-1]).append(' &nbsp; <a class="btn btn-primary" href="javascript: remove(\''+this.cfid+'\')">Slett</a>')
+        }
+    } /*
+    let span = function(string, color='red') {
+        return '<span style="color: '+color+'">'+string+'</span>'
+    }
        return '<p>'+span(this.title)+' av '+span(this.author)+', terningkast '+span(this.rating)+', utgitt '
            +span(this.published.toString().slice(0,15), 'green')+', forlag; '+span(this.publisher, 'yellow')
            +(user?' &nbsp; <a class="btn btn-primary" href="javascript: remove(\''+this.cfid+'\')">Slett</a>':'')+'</p>'
-    }
+    }*/
 }

 bookConverter = {